Description

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Do not use WARN when encode fails When asn1_encode_sequence() fails, WARN is not the correct solution. 1. asn1_encode_sequence() is not an internal function (located in lib/asn1_encode.c). 2. Location is known, which makes the stack trace useless. 3. Results a crash if panic_on_warn is set. It is also noteworthy that the use of WARN is undocumented, and it should be avoided unless there is a carefully considered rationale to use it. Replace WARN with pr_err, and print the return value instead, which is only useful piece of information.

INFO

Published Date :

2024-06-18T19:20:24.553Z

Last Modified :

2025-05-04T09:13:11.226Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-36975 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-36975.

URL Resource
https://git.kernel.org/stable/c/050bf3c793a07f96bd1e2fd62e1447f731ed733b cve-icon cve-icon
https://git.kernel.org/stable/c/1c652e1e10676f942149052d9329b8bf2703529a cve-icon cve-icon
https://git.kernel.org/stable/c/681935009fec3fc22af97ee312d4a24ccf3cf087 cve-icon cve-icon
https://git.kernel.org/stable/c/96f650995c70237b061b497c66755e32908f8972 cve-icon cve-icon
https://git.kernel.org/stable/c/d32c6e09f7c4bec3ebc4941323f0aa6366bc1487 cve-icon cve-icon
https://git.kernel.org/stable/c/ff91cc12faf798f573dab2abc976c1d5b1862fea cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-36975 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-36975 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact