FKIE_CVE-2024-36015

Vulnerability from fkie_nvd - Published: 2024-05-29 08:15 - Updated: 2025-11-04 18:16
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: ppdev: Add an error check in register_device In register_device, the return value of ida_simple_get is unchecked, in witch ida_simple_get will use an invalid index value. To address this issue, index should be checked after ida_simple_get. When the index value is abnormal, a warning message should be printed, the port should be dropped, and the value should be recorded.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/5d5b24edad1107a2ffa99058f20f6aeeafeb5d39Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/65cd017d43f4319a56747d38308b0a24cf57299ePatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b65d0410b879af0295d22438a4a32012786d152aPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b8c6b83cc3adff3ddf403c8c7063fe6d08b2b9d9Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d32caf51379a4d71db03d3d4d7c22d27cdf7f68bPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/df9329247dbbf00f6057e002139ab3fa529ad828Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ec3468221efec6660ff656e9ebe51ced3520fc57Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/fbf740aeb86a4fe82ad158d26d711f2f3be79b3ePatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/5d5b24edad1107a2ffa99058f20f6aeeafeb5d39Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/65cd017d43f4319a56747d38308b0a24cf57299ePatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/b65d0410b879af0295d22438a4a32012786d152aPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/b8c6b83cc3adff3ddf403c8c7063fe6d08b2b9d9Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/d32caf51379a4d71db03d3d4d7c22d27cdf7f68bPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/df9329247dbbf00f6057e002139ab3fa529ad828Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/ec3468221efec6660ff656e9ebe51ced3520fc57Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/fbf740aeb86a4fe82ad158d26d711f2f3be79b3ePatch
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 4.11
linux linux_kernel 4.11
linux linux_kernel 4.11
linux linux_kernel 4.11
linux linux_kernel 4.11
linux linux_kernel 4.11
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3B7FF9A-7C53-4993-8BB9-9024BFBCEC48",
              "versionEndExcluding": "4.10",
              "versionStartIncluding": "4.9.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "002AFF57-621F-4DFC-BA33-323006B9E2CB",
              "versionEndExcluding": "4.11",
              "versionStartIncluding": "4.10.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8C7D906-0A7A-42B1-B654-E2613834E498",
              "versionEndExcluding": "4.19.316",
              "versionStartIncluding": "4.11.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FDBF235-DA18-49A1-8690-6C7272FD0701",
              "versionEndExcluding": "5.4.278",
              "versionStartIncluding": "4.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9063AF3-D593-43B7-810D-58B87F82F9F9",
              "versionEndExcluding": "5.10.219",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31130639-53FE-4726-8986-434EE2528CB2",
              "versionEndExcluding": "5.15.161",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEFB78EE-F990-4197-BF1C-156760A55667",
              "versionEndExcluding": "6.1.93",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E",
              "versionEndExcluding": "6.6.33",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "991B9791-966A-4D18-9E8D-A8AB128E5627",
              "versionEndExcluding": "6.9.4",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:4.11:-:*:*:*:*:*:*",
              "matchCriteriaId": "623D643F-123E-4D3E-8CBF-16BF845D734B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:4.11:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "A659506C-868E-4E87-B0D8-E901BC2E9BDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:4.11:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "ACE2C8C3-F2AA-4A39-9D81-B0F8BB82B834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:4.11:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "D67BFFD0-1A52-4F5D-98DB-D94B58FD8D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:4.11:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "7D996F38-22AC-4059-84FC-F7D69CE0CB9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:4.11:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "97EFF4F7-E5F9-4FAA-AD58-94A24501AD59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nppdev: Add an error check in register_device\n\nIn register_device, the return value of ida_simple_get is unchecked,\nin witch ida_simple_get will use an invalid index value.\n\nTo address this issue, index should be checked after ida_simple_get. When\nthe index value is abnormal, a warning message should be printed, the port\nshould be dropped, and the value should be recorded."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ppdev: agregue una verificaci\u00f3n de errores en Register_device. En Register_device, el valor de retorno de ida_simple_get no est\u00e1 marcado, por lo que ida_simple_get usar\u00e1 un valor de \u00edndice no v\u00e1lido. Para solucionar este problema, se debe verificar el \u00edndice despu\u00e9s de ida_simple_get. Cuando el valor del \u00edndice es anormal, se debe imprimir un mensaje de advertencia, se debe descartar el puerto y se debe registrar el valor."
    }
  ],
  "id": "CVE-2024-36015",
  "lastModified": "2025-11-04T18:16:23.557",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-29T08:15:33.880",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/5d5b24edad1107a2ffa99058f20f6aeeafeb5d39"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/65cd017d43f4319a56747d38308b0a24cf57299e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b65d0410b879af0295d22438a4a32012786d152a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b8c6b83cc3adff3ddf403c8c7063fe6d08b2b9d9"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/d32caf51379a4d71db03d3d4d7c22d27cdf7f68b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/df9329247dbbf00f6057e002139ab3fa529ad828"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/ec3468221efec6660ff656e9ebe51ced3520fc57"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/fbf740aeb86a4fe82ad158d26d711f2f3be79b3e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/5d5b24edad1107a2ffa99058f20f6aeeafeb5d39"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/65cd017d43f4319a56747d38308b0a24cf57299e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b65d0410b879af0295d22438a4a32012786d152a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b8c6b83cc3adff3ddf403c8c7063fe6d08b2b9d9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/d32caf51379a4d71db03d3d4d7c22d27cdf7f68b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/df9329247dbbf00f6057e002139ab3fa529ad828"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/ec3468221efec6660ff656e9ebe51ced3520fc57"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/fbf740aeb86a4fe82ad158d26d711f2f3be79b3e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-129"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.