PT-2024-26847 · Linux+6 · Linux Kernel+6

Published

2024-02-14

Updated

2025-09-29

CVE-2024-36010

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to string truncation warnings in the igb set fw version function of the Linux kernel. The warning occurs due to the potential truncation of the '%d' directive output when writing between 1 and 5 bytes into a region of size between 1 and 13. The fix involves using kasprintf to allocate a larger space for the adapter->fw version and falling back to snprintf if necessary.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2024:5101

ALSA-2024:5102

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

BDU:2026-04386

CESA-2024_5101

CESA-2024_5102

CVE-2024-36010

INFSA-2024_5101

INFSA-2024_5102

INFSA-2024_9315

RHSA-2024:5101

RHSA-2024:5102

RHSA-2024:9315

RHSA-2024_5101

RHSA-2024_5102

RHSA-2024_9315

RHSA-2025:3935

RLSA-2024:5101

RLSA-2024:5102

RXSA-2024:5101

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

Affected Products

Almalinux

Astra Linux

Centos

Linux Kernel

Red Hat

Rocky Linux

Suse

PT-2024-26847 · Linux+6 · Linux Kernel+6

CVE-2024-36010

Weakness Enumeration

Related Identifiers

Affected Products

References · 2419