CVE-2024-36900

net: hns3: fix kernel crash when devlink reload during initialization

Description

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when devlink reload during initialization The devlink reload process will access the hardware resources, but the register operation is done before the hardware is initialized. So, processing the devlink reload during initialization may lead to kernel crash. This patch fixes this by registering the devlink after hardware initialization.

N/A

CVSS

Severity:

EPSS 0.13%

Affected: Linux Linux

References

Link	Tags
https://git.kernel.org/stable/c/72ede790f5a03c3957487400a1b72ebce293a2e7
https://git.kernel.org/stable/c/5c623fe0534806b627054da09b6f51b7b2f7b9cd
https://git.kernel.org/stable/c/c98bc78ce0909ccc92005e2cb6609ec6c7942f69
https://git.kernel.org/stable/c/35d92abfbad88cf947c010baf34b075e40566095

Frequently Asked Questions

What is the severity of CVE-2024-36900?: CVE-2024-36900 has not yet been assigned a CVSS score.
How to fix CVE-2024-36900?: To fix CVE-2024-36900, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-36900 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-36900 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-36900?: CVE-2024-36900 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.