CVERadar

CVE-2024-36015

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00286/1

CVE-2024-36015 is a vulnerability in the Linux kernel's ppdev driver related to improper error handling during device registration. The vulnerability arises from a missing check on the return value of ida_simple_get in the register_device function, potentially leading to the use of an invalid index value. This flaw could cause unpredictable behavior or system instability. While the CVSS score is 0, indicating a low base score, the SOCRadar Vulnerability Risk Score (SVRS) is 30. The SVRS score of 30 suggests that while not critical, this kernel vulnerability requires monitoring. Specifically, a failure to properly manage the index could result in unexpected driver behavior. The fix involves adding a check on the index value after retrieval and dropping the port if an abnormal value is detected, thus preventing further issues. Although the vulnerability doesn't pose an immediate critical threat, its presence in the Linux kernel necessitates prompt patching to maintain system stability and prevent potential exploits.
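The missing check and the fix described above, as an added user-space model in C; it is not the kernel's ppdev code. toy_ida_get, struct port, struct device and the two register_device_* functions are hypothetical stand-ins, and the ID space is deliberately tiny so that allocation fails on the third call.

```c
#include <errno.h>
#include <stdio.h>
#define MAX_IDS 2              /* constructed: tiny ID space, easy to exhaust */
static unsigned int used_ids;  /* bitmap of allocated IDs */

/* Hypothetical stand-in for ida_simple_get(): an ID, or a negative errno. */
int toy_ida_get(void)
{
    for (int i = 0; i < MAX_IDS; i++)
        if (!(used_ids & (1u << i))) {
            used_ids |= 1u << i;
            return i;
        }
    return -ENOSPC;
}
struct port   { int refs; };   /* models the reference held on the port */
struct device { int id; int live; };

/* Before the fix: the allocator's return value is used without a check. */
int register_device_unchecked(struct port *p, struct device *d)
{
    p->refs++;                 /* take the port */
    d->id = toy_ida_get();     /* may be a negative errno */
    d->live = 1;               /* registered under an invalid index */
    return 0;
}

/* After the fix: check the index, warn, drop the port, return the error. */
int register_device_checked(struct port *p, struct device *d)
{
    p->refs++;
    int index = toy_ida_get();
    if (index < 0) {
        fprintf(stderr, "failed to get index: %d\n", index);
        p->refs--;             /* drop the port */
        return index;
    }
    d->id = index;
    d->live = 1;
    return 0;
}

int main(void)
{
    struct port p = {0};
    struct device d[3] = {{0}};
    for (int i = 0; i < 3; i++)
        printf("checked #%d -> %d\n", i, register_device_checked(&p, &d[i]));
    return 0;
}
```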

In The Wild
2024-05-29

2024-07-15

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

USN-6999-2: Linux kernel vulnerabilities
2024-09-23
Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-40902) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise
cve-2024-40928
cve-2024-40945
cve-2024-40959
cve-2023-52884
USN-7007-3: Linux kernel vulnerabilities
2024-09-23
Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. (CVE-2024-25741) It was discovered that the JFS file system contained an out-of-bounds read
cve-2024-40904
cve-2024-38558
cve-2024-38588
cve-2024-36894
USN-7029-1: Linux kernel vulnerabilities
2024-09-23
Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-40902) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise
cve-2024-39468
cve-2024-40970
cve-2024-38385
cve-2024-40996
USN-7009-2: Linux kernel vulnerabilities
2024-09-25
Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. (CVE-2024-25741) It was discovered that the JFS file system contained an out-of-bounds read
ubuntu.com
CVE-2024-36015 | Linux Kernel up to 6.9 ppdev register_device return value (fbf740aeb86a)
vuldb.com
2024-05-29
A vulnerability was found in Linux Kernel up to 6.9. It has been classified as problematic. This affects the function register_device of the component ppdev. The manipulation leads to unchecked return value. This vulnerability is uniquely identified as CVE-2024-36015. The attack
cve-2024-36015

Social Media

🚨 CVE-2024-36015: Linux Kernel up to 6.9 vulnerable to unchecked return value in ppdev register_device function. Risk: Problematic local exploit. Action: Upgrade affected component immediately. #LinuxSecurity #PatchNow
CVE-2024-36015 In the Linux kernel, the following vulnerability has been resolved: ppdev: Add an error check in register_device In register_device, the return value of ida_simple_… https://t.co/L9uzZ58AWn

Affected Software

No affected software found for this CVE

References

Reference | Link
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/fbf740aeb86a4fe82ad158d26d711f2f3be79b3e
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/5d5b24edad1107a2ffa99058f20f6aeeafeb5d39
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/df9329247dbbf00f6057e002139ab3fa529ad828
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/ec3468221efec6660ff656e9ebe51ced3520fc57
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/65cd017d43f4319a56747d38308b0a24cf57299e
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/b65d0410b879af0295d22438a4a32012786d152a
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/b8c6b83cc3adff3ddf403c8c7063fe6d08b2b9d9
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/d32caf51379a4d71db03d3d4d7c22d27cdf7f68b
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

CWE Details

No CWE details found for this CVE
