CVE-2024-36975

KEYS: trusted: Do not use WARN when encode fails

Description

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Do not use WARN when encode fails When asn1_encode_sequence() fails, WARN is not the correct solution. 1. asn1_encode_sequence() is not an internal function (located in lib/asn1_encode.c). 2. Location is known, which makes the stack trace useless. 3. Results a crash if panic_on_warn is set. It is also noteworthy that the use of WARN is undocumented, and it should be avoided unless there is a carefully considered rationale to use it. Replace WARN with pr_err, and print the return value instead, which is only useful piece of information.

N/A
CVSS
Severity:
EPSS 0.20%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/96f650995c70237b061b497c66755e32908f8972
https://git.kernel.org/stable/c/681935009fec3fc22af97ee312d4a24ccf3cf087
https://git.kernel.org/stable/c/1c652e1e10676f942149052d9329b8bf2703529a
https://git.kernel.org/stable/c/d32c6e09f7c4bec3ebc4941323f0aa6366bc1487
https://git.kernel.org/stable/c/ff91cc12faf798f573dab2abc976c1d5b1862fea
https://git.kernel.org/stable/c/050bf3c793a07f96bd1e2fd62e1447f731ed733b

Frequently Asked Questions

What is the severity of CVE-2024-36975?
CVE-2024-36975 has not yet been assigned a CVSS score.
How to fix CVE-2024-36975?
To fix CVE-2024-36975, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-36975 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-36975 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-36975?
CVE-2024-36975 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.