CVE-2024-36975 – In the Linux kernel, the following vulnerability h

CVE ID : CVE-2024-36975

Published : June 18, 2024, 8:15 p.m. | 1 hour, 5 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

KEYS: trusted: Do not use WARN when encode fails

When asn1_encode_sequence() fails, WARN is not the correct solution.

1. asn1_encode_sequence() is not an internal function (located
in lib/asn1_encode.c).
2. Location is known, which makes the stack trace useless.
3. Results a crash if panic_on_warn is set.

It is also noteworthy that the use of WARN is undocumented, and it
should be avoided unless there is a carefully considered rationale to
use it.

Replace WARN with pr_err, and print the return value instead, which is
only useful piece of information.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…CVE ID : CVE-2024-36975

Published : June 18, 2024, 8:15 p.m. | 1 hour, 5 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

KEYS: trusted: Do not use WARN when encode fails

When asn1_encode_sequence() fails, WARN is not the correct solution.

1. asn1_encode_sequence() is not an internal function (located
in lib/asn1_encode.c).
2. Location is known, which makes the stack trace useless.
3. Results a crash if panic_on_warn is set.

It is also noteworthy that the use of WARN is undocumented, and it
should be avoided unless there is a carefully considered rationale to
use it.

Replace WARN with pr_err, and print the return value instead, which is
only useful piece of information.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…