CVE ID : CVE-2024-36975
Published : June 18, 2024, 8:15 p.m. | 1 hour, 5 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
KEYS: trusted: Do not use WARN when encode fails
When asn1_encode_sequence() fails, WARN is not the correct solution.
1. asn1_encode_sequence() is not an internal function (located
in lib/asn1_encode.c).
2. Location is known, which makes the stack trace useless.
3. Results a crash if panic_on_warn is set.
It is also noteworthy that the use of WARN is undocumented, and it
should be avoided unless there is a carefully considered rationale to
use it.
Replace WARN with pr_err, and print the return value instead, which is
only useful piece of information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…CVE ID : CVE-2024-36975
Published : June 18, 2024, 8:15 p.m. | 1 hour, 5 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
KEYS: trusted: Do not use WARN when encode fails
When asn1_encode_sequence() fails, WARN is not the correct solution.
1. asn1_encode_sequence() is not an internal function (located
in lib/asn1_encode.c).
2. Location is known, which makes the stack trace useless.
3. Results a crash if panic_on_warn is set.
It is also noteworthy that the use of WARN is undocumented, and it
should be avoided unless there is a carefully considered rationale to
use it.
Replace WARN with pr_err, and print the return value instead, which is
only useful piece of information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…