CVE-2024-41052

MEDIUM

Linux kernel - Use After Free

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Init the count variable in collecting hot-reset devices The count variable is used without initialization, it results in mistakes in the device counting and crashes the userspace if the get hot reset info path is triggered.

References (3)

[Patch] https://git.kernel.org/stable/c/5a88a3f67e37e39f933b38ebb4985ba5822e9eca

[Patch] https://git.kernel.org/stable/c/f44136b9652291ac1fc39ca67c053ac624d0d11b

[Patch] https://git.kernel.org/stable/c/f476dffc52ea70745dcabf63288e770e50ac9ab3

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 4.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-908

Status published

Products (3)

linux/Kernel 6.6.36 - 6.6.41linux

linux/Kernel 6.9.7 - 6.9.10linux

linux/linux_kernel 6.6.36 - 6.6.41

Published Jul 29, 2024

Tracked Since Feb 18, 2026