CVE-2024-36020: i40e: fix vf may be used uninitialized in this function warning

Published May 30, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

i40e: fix vf may be used uninitialized in this function warning

The Linux kernel CVE team has assigned CVE-2024-36020 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024053044-CVE-2024-36020-5da7@gregkh/T

Other sources

In the Linux kernel, the following vulnerability has been resolved:

i40e: fix vf may be used uninitialized in this function warning

To fix the regression introduced by commit 52424f974bc5, which causes servers hang in very hard to reproduce conditions with resets races. Using two sources for the information is the root cause. In this function before the fix bumping v didn't mean bumping vf pointer. But the code used this variables interchangeably, so stale vf could point to different/not intended vf.

Remove redundant "v" variable and iterate via single VF pointer across whole function instead to guarantee VF pointer validity.

NVD

Linux Kernel is vulnerable to a denial of service, caused by a race condition in the Ethernet Controller XL710 family driver. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.

IBM

Affected Software

31 affected componentsFixes available
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
debian/linux
5.10.223-15.10.234-16.1.129-16.1.135-16.12.25-16.12.27-1
redhat/kernel<4.19.312
4.19.312
redhat/kernel<5.4.274
5.4.274
redhat/kernel<5.10.215
5.10.215
redhat/kernel<5.15.154
5.15.154
redhat/kernel<6.1.85
6.1.85
redhat/kernel<6.6.26
6.6.26
redhat/kernel<6.8.5
6.8.5
redhat/kernel<6.9
6.9
Linux Linux kernel>=4.19.264<4.19.312
Linux Linux kernel>=5.4.223<5.4.274
Linux Linux kernel>=5.10.153<5.10.215
Linux Linux kernel>=5.15.77<5.15.154
Linux Linux kernel>=6.0.7<6.1
Linux Linux kernel>=6.1.1<6.1.85
Linux Linux kernel>=6.2<6.6.26
Linux Linux kernel>=6.7<6.8.5
Linux Linux kernel=6.1
Linux Linux kernel=6.1-rc3
Linux Linux kernel=6.1-rc4
Linux Linux kernel=6.1-rc5
Linux Linux kernel=6.1-rc6
Linux Linux kernel=6.1-rc7
Linux Linux kernel=6.1-rc8
Linux Linux kernel=6.9-rc1
Linux Linux kernel=6.9-rc2
Debian Debian Linux=10.0

Remediation

Patch Available

https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6

Patch Available

https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0

Patch Available

https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba

Patch Available

https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31

Patch Available

https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a

Patch Available

https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c

Patch Available

https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d

Patch Available

https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8

Event History

May 30, 2024
CVE Published
via MITRE·02:59 PM
Data Sourced
via MITRE·02:59 PM
Description
Data Sourced
via NVD·03:15 PM
Description
Data Sourced
via NVD·03:15 PM
RemedySeverityWeaknessAffected Software
Jun 3, 2024
Data Sourced
via Red Hat·08:28 AM
DescriptionSeverityAffected Software
Jul 15, 2024
Data Sourced
via Launchpad·07:50 PM
Description
Apr 27, 2025
Data Sourced
via Ubuntu·12:25 AM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-36020?

The severity of CVE-2024-36020 is classified as low due to the nature of the vulnerability.

2

How do I fix CVE-2024-36020?

To fix CVE-2024-36020, update to the latest kernel version specified in the advisory or apply available patches.

3

Which versions of the Linux kernel are affected by CVE-2024-36020?

CVE-2024-36020 affects several versions of the Linux kernel including 4.19.312, 5.4.274, and others up to 6.9.

4

What is the impact of CVE-2024-36020 on system security?

The impact of CVE-2024-36020 on system security primarily involves potential uninitialized variable usage which could lead to unexpected behavior.

5

What operating systems are impacted by CVE-2024-36020?

CVE-2024-36020 impacts various Linux distributions utilizing the affected kernel versions such as Red Hat and Debian.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203