SB20240608246 - Improper Initialization in Linux kernel hns3 hns3pf driver
Published: June 8, 2024 Updated: May 13, 2025
Security Bulletin ID
SB20240608246
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Initialization (CVE-ID: CVE-2024-36900)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the hclgevf_init_hdev() and hclge_comm_cmd_uninit() functions in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c, within the hclge_init_ae_dev() and pci_free_irq_vectors() functions in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/72ede790f5a03c3957487400a1b72ebce293a2e7
- https://git.kernel.org/stable/c/5c623fe0534806b627054da09b6f51b7b2f7b9cd
- https://git.kernel.org/stable/c/c98bc78ce0909ccc92005e2cb6609ec6c7942f69
- https://git.kernel.org/stable/c/35d92abfbad88cf947c010baf34b075e40566095
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.91
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.31
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.10