{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-36020","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-17T13:50:33.157Z","datePublished":"2024-05-30T14:59:44.447Z","dateUpdated":"2026-05-12T11:53:39.635Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T20:15:46.827Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix vf may be used uninitialized in this function warning\n\nTo fix the regression introduced by commit 52424f974bc5, which causes\nservers hang in very hard to reproduce conditions with resets races.\nUsing two sources for the information is the root cause.\nIn this function before the fix bumping v didn't mean bumping vf\npointer. But the code used this variables interchangeably, so stale vf\ncould point to different/not intended vf.\n\nRemove redundant \"v\" variable and iterate via single VF pointer across\nwhole function instead to guarantee VF pointer validity."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"],"versions":[{"version":"76ed715836c6994bac29d9638e9314e6e3b08651","lessThan":"cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d","status":"affected","versionType":"git"},{"version":"e88c2a1e28c5475065563d66c07ca879a9afbd07","lessThan":"9dcf0fcb80f6aeb01469e3c957f8d4c97365450a","status":"affected","versionType":"git"},{"version":"9abae363af5ced6adbf04c14366289540281fb26","lessThan":"b8e82128b44fa40bf99a50b919488ef361e1683c","status":"affected","versionType":"git"},{"version":"c39de3ae5075ea5f78e097cb5720d4e52d5caed9","lessThan":"951d2748a2a8242853abc3d0c153ce4bf8faad31","status":"affected","versionType":"git"},{"version":"52424f974bc53c26ba3f00300a00e9de9afcd972","lessThan":"3e89846283f3cf7c7a8e28b342576fd7c561d2ba","status":"affected","versionType":"git"},{"version":"52424f974bc53c26ba3f00300a00e9de9afcd972","lessThan":"0dcf573f997732702917af1563aa2493dc772fc0","status":"affected","versionType":"git"},{"version":"52424f974bc53c26ba3f00300a00e9de9afcd972","lessThan":"06df7618f591b2dc43c59967e294d7b9fc8675b6","status":"affected","versionType":"git"},{"version":"52424f974bc53c26ba3f00300a00e9de9afcd972","lessThan":"f37c4eac99c258111d414d31b740437e1925b8e8","status":"affected","versionType":"git"},{"version":"02f949747e6fb767b29f7931d4bbf40911684e7a","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"],"versions":[{"version":"6.1","status":"affected"},{"version":"0","lessThan":"6.1","status":"unaffected","versionType":"semver"},{"version":"4.19.312","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.274","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.215","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.154","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.85","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.26","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.8.5","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.264","versionEndExcluding":"4.19.312"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.223","versionEndExcluding":"5.4.274"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.153","versionEndExcluding":"5.10.215"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.77","versionEndExcluding":"5.15.154"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.1.85"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.6.26"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.8.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.7"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d"},{"url":"https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a"},{"url":"https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c"},{"url":"https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31"},{"url":"https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba"},{"url":"https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0"},{"url":"https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6"},{"url":"https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8"}],"title":"i40e: fix vf may be used uninitialized in this function warning","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-36020","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-06-03T16:54:29.774868Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:48:10.052Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T03:30:12.504Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","tags":["x_transferred"]}]},{"x_adpType":"supplier","providerMetadata":{"orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP","dateUpdated":"2026-05-12T11:53:39.635Z"},"affected":[{"vendor":"Siemens","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html"}]}]},"dataVersion":"5.2"}