CVE-2024-36900

MEDIUM

Linux Kernel - Buffer Overflow

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when devlink reload during initialization The devlink reload process will access the hardware resources, but the register operation is done before the hardware is initialized. So, processing the devlink reload during initialization may lead to kernel crash. This patch fixes this by registering the devlink after hardware initialization.

References (4)

[Patch] https://git.kernel.org/stable/c/35d92abfbad88cf947c010baf34b075e40566095

[Patch] https://git.kernel.org/stable/c/5c623fe0534806b627054da09b6f51b7b2f7b9cd

[Patch] https://git.kernel.org/stable/c/72ede790f5a03c3957487400a1b72ebce293a2e7

[Patch] https://git.kernel.org/stable/c/c98bc78ce0909ccc92005e2cb6609ec6c7942f69

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 1.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-908

Status published

Products (5)

linux/Kernel 5.15.0 - 6.1.91linux

linux/Kernel 6.2.0 - 6.6.31linux

linux/Kernel 6.7.0 - 6.8.10linux

linux/linux_kernel 6.9 rc1 (7 CPE variants)

linux/linux_kernel 5.15 - 6.1.91

Published May 30, 2024

Tracked Since Feb 18, 2026