CVE-2024-36900

MEDIUM

Linux Kernel 5.15-6.1.90, 6.2-6.6.30, 6.7-6.8.9 - Use-After-Free via Devlink Reload During Initialization

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when devlink reload during initialization The devlink reload process will access the hardware resources, but the register operation is done before the hardware is initialized. So, processing the devlink reload during initialization may lead to kernel crash. This patch fixes this by registering the devlink after hardware initialization.

References (4)

Core 4

Scores

CVSS v3 5.5
EPSS 0.0022
EPSS Percentile 13.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-908
Status published
Products (15)
linux/Kernel 5.15.0 - 6.1.91linux
linux/Kernel 6.2.0 - 6.6.31linux
linux/Kernel 6.7.0 - 6.8.10linux
Linux/Linux < 5.15
Linux/Linux 5.15
Linux/Linux 6.1.91 - 6.1.*
Linux/Linux 6.6.31 - 6.6.*
Linux/Linux 6.8.10 - 6.8.*
Linux/Linux 6.9
Linux/Linux cd6242991d2e3990c828a7c2215d2d3321f1da39 - 35d92abfbad88cf947c010baf34b075e40566095
... and 5 more
Published May 30, 2024
Tracked Since Feb 18, 2026