Vulnerabilities > CVE-2024-46865 - Use of Uninitialized Resource vulnerability in Linux Kernel

CVSS 7.1 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

linux

CWE-908

NVD

Published: 2024-09-27

Updated: 2024-10-17

Summary

In the Linux kernel, the following vulnerability has been resolved: fou: fix initialization of grc The grc must be initialize first. There can be a condition where if fou is NULL, goto out will be executed and grc would be used uninitialized.

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel 6.10.10 Linux Linux Kernel 6.6.51 Linux Linux Kernel 6.1.110 Linux Linux Kernel 5.15.167 Linux Linux Kernel 5.10.226	5

Common Weakness Enumeration (CWE)

CWE-908 - Use of Uninitialized Resource

References

https://git.kernel.org/stable/c/5d537b8d900514509622ce92330b70d2e581d409
https://git.kernel.org/stable/c/7ae890ee19479eeeb87724cca8430b5cb3660c74
https://git.kernel.org/stable/c/aca06c617c83295f0caa486ad608fbef7bdc11e8
https://git.kernel.org/stable/c/4c8002277167125078e6b9b90137bdf443ebaa08
https://git.kernel.org/stable/c/392f6a97fcbecc64f0c00058b2db5bb0e4b8cc3e
https://git.kernel.org/stable/c/16ff0895283058b0f96d4fe277aa25ee096f0ea8