CVE-2024-36923

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-36923

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36923.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-36923

Downstream

BELL-CVE-2024-36923

DLA-4008-1

DSA-5818-1

OESA-2024-1941

OESA-2024-1942

OESA-2024-1943

SUSE-SU-2024:2360-1

SUSE-SU-2024:2381-1

SUSE-SU-2024:2561-1

SUSE-SU-2024:2571-1

SUSE-SU-2024:2894-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2947-1

SUSE-SU-2024:2973-1

UBUNTU-CVE-2024-36923

USN-6949-1

USN-6949-2

USN-6952-1

USN-6952-2

USN-6955-1

Related

Published

2024-05-30T16:15:15Z

Modified

2025-08-09T19:01:27Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

fs/9p: fix uninitialized values during inode evict

If an iget fails due to not being able to retrieve information from the server then the inode structure is only partially initialized. When the inode gets evicted, references to uninitialized structures (like fscache cookies) were being made.

This patch checks for a bad_inode before doing anything other than clearing the inode from the cache. Since the inode is bad, it shouldn't have any state associated with it that needs to be written back (and there really isn't a way to complete those anyways).

References

Affected packages