Bug 2300425 (CVE-2024-41052) - CVE-2024-41052 kernel: vfio/pci: Init the count variable in collecting hot-reset devices
Keywords:
Status: NEW
Alias: CVE-2024-41052
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2301584
Blocks:
Reported: 2024-07-29 15:40 UTC by OSIDB Bzimport
Modified: 2024-08-30 07:51 UTC

Fixed In Version: kernel 6.6.41, kernel 6.9.10
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2024-07-29 15:40:55 UTC
In the Linux kernel, the following vulnerability has been resolved:

vfio/pci: Init the count variable in collecting hot-reset devices

The count variable is used without initialization; it results in mistakes
in the device counting and crashes the userspace if the get hot reset info
path is triggered.

Comment 1 Mauro Matteo Cascella 2024-07-30 10:31:00 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024072927-CVE-2024-41052-1a10@gregkh/T

Comment 2 Mauro Matteo Cascella 2024-07-30 10:31:21 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2301584]

