{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36975", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-30T15:25:07.082Z", "datePublished": "2024-06-18T19:20:24.553Z", "dateUpdated": "2025-05-04T09:13:11.226Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:13:11.226Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKEYS: trusted: Do not use WARN when encode fails\n\nWhen asn1_encode_sequence() fails, WARN is not the correct solution.\n\n1. asn1_encode_sequence() is not an internal function (located\n in lib/asn1_encode.c).\n2. Location is known, which makes the stack trace useless.\n3. Results a crash if panic_on_warn is set.\n\nIt is also noteworthy that the use of WARN is undocumented, and it\nshould be avoided unless there is a carefully considered rationale to\nuse it.\n\nReplace WARN with pr_err, and print the return value instead, which is\nonly useful piece of information."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["security/keys/trusted-keys/trusted_tpm2.c"], "versions": [{"version": "f2219745250f388edacabe6cca73654131c67d0a", "lessThan": "96f650995c70237b061b497c66755e32908f8972", "status": "affected", "versionType": "git"}, {"version": "f2219745250f388edacabe6cca73654131c67d0a", "lessThan": "681935009fec3fc22af97ee312d4a24ccf3cf087", "status": "affected", "versionType": "git"}, {"version": "f2219745250f388edacabe6cca73654131c67d0a", "lessThan": "1c652e1e10676f942149052d9329b8bf2703529a", "status": "affected", "versionType": "git"}, {"version": "f2219745250f388edacabe6cca73654131c67d0a", "lessThan": "d32c6e09f7c4bec3ebc4941323f0aa6366bc1487", "status": "affected", "versionType": "git"}, {"version": "f2219745250f388edacabe6cca73654131c67d0a", "lessThan": "ff91cc12faf798f573dab2abc976c1d5b1862fea", "status": "affected", "versionType": "git"}, {"version": "f2219745250f388edacabe6cca73654131c67d0a", "lessThan": "050bf3c793a07f96bd1e2fd62e1447f731ed733b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["security/keys/trusted-keys/trusted_tpm2.c"], "versions": [{"version": "5.13", "status": "affected"}, {"version": "0", "lessThan": "5.13", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.160", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.92", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.32", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.11", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.2", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "5.15.160"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.1.92"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.6.32"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.8.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.9.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/96f650995c70237b061b497c66755e32908f8972"}, {"url": "https://git.kernel.org/stable/c/681935009fec3fc22af97ee312d4a24ccf3cf087"}, {"url": "https://git.kernel.org/stable/c/1c652e1e10676f942149052d9329b8bf2703529a"}, {"url": "https://git.kernel.org/stable/c/d32c6e09f7c4bec3ebc4941323f0aa6366bc1487"}, {"url": "https://git.kernel.org/stable/c/ff91cc12faf798f573dab2abc976c1d5b1862fea"}, {"url": "https://git.kernel.org/stable/c/050bf3c793a07f96bd1e2fd62e1447f731ed733b"}], "title": "KEYS: trusted: Do not use WARN when encode fails", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:43:50.595Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/96f650995c70237b061b497c66755e32908f8972", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/681935009fec3fc22af97ee312d4a24ccf3cf087", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1c652e1e10676f942149052d9329b8bf2703529a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d32c6e09f7c4bec3ebc4941323f0aa6366bc1487", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ff91cc12faf798f573dab2abc976c1d5b1862fea", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/050bf3c793a07f96bd1e2fd62e1447f731ed733b", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36975", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:15:22.914846Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:58.690Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/96f650995c70237b061b497c66755e32908f8972", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/681935009fec3fc22af97ee312d4a24ccf3cf087", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1c652e1e10676f942149052d9329b8bf2703529a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d32c6e09f7c4bec3ebc4941323f0aa6366bc1487", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ff91cc12faf798f573dab2abc976c1d5b1862fea", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/050bf3c793a07f96bd1e2fd62e1447f731ed733b", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:43:50.595Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36975", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:15:22.914846Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:27.274Z"}}], "cna": {"title": "KEYS: trusted: Do not use WARN when encode fails", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "f2219745250f", "lessThan": "96f650995c70", "versionType": "git"}, {"status": "affected", "version": "f2219745250f", "lessThan": "681935009fec", "versionType": "git"}, {"status": "affected", "version": "f2219745250f", "lessThan": "1c652e1e1067", "versionType": "git"}, {"status": "affected", "version": "f2219745250f", "lessThan": "d32c6e09f7c4", "versionType": "git"}, {"status": "affected", "version": "f2219745250f", "lessThan": "ff91cc12faf7", "versionType": "git"}, {"status": "affected", "version": "f2219745250f", "lessThan": "050bf3c793a0", "versionType": "git"}], "programFiles": ["security/keys/trusted-keys/trusted_tpm2.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.13"}, {"status": "unaffected", "version": "0", "lessThan": "5.13", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.160", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.92", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.32", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.11", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9.2", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["security/keys/trusted-keys/trusted_tpm2.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/96f650995c70237b061b497c66755e32908f8972"}, {"url": "https://git.kernel.org/stable/c/681935009fec3fc22af97ee312d4a24ccf3cf087"}, {"url": "https://git.kernel.org/stable/c/1c652e1e10676f942149052d9329b8bf2703529a"}, {"url": "https://git.kernel.org/stable/c/d32c6e09f7c4bec3ebc4941323f0aa6366bc1487"}, {"url": "https://git.kernel.org/stable/c/ff91cc12faf798f573dab2abc976c1d5b1862fea"}, {"url": "https://git.kernel.org/stable/c/050bf3c793a07f96bd1e2fd62e1447f731ed733b"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKEYS: trusted: Do not use WARN when encode fails\n\nWhen asn1_encode_sequence() fails, WARN is not the correct solution.\n\n1. asn1_encode_sequence() is not an internal function (located\n in lib/asn1_encode.c).\n2. Location is known, which makes the stack trace useless.\n3. Results a crash if panic_on_warn is set.\n\nIt is also noteworthy that the use of WARN is undocumented, and it\nshould be avoided unless there is a carefully considered rationale to\nuse it.\n\nReplace WARN with pr_err, and print the return value instead, which is\nonly useful piece of information."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:29:10.167Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36975", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:29:10.167Z", "dateReserved": "2024-05-30T15:25:07.082Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-18T19:20:24.553Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "795AB883-0972-406E-AFB1-7410C2556E94", "versionEndExcluding": "5.15.160", "versionStartIncluding": "5.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E8DFDEB-F911-42FB-A55F-B84A9C556F01", "versionEndExcluding": "6.1.92", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "18199311-EF79-4480-85B0-6AD00C70A7BE", "versionEndExcluding": "6.6.32", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B75CBAF-FD3C-40AE-85BB-0525E142C4C8", "versionEndExcluding": "6.8.11", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "197A592B-2A2B-4A2F-8856-22638007413E", "versionEndExcluding": "6.9.2", "versionStartIncluding": "6.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKEYS: trusted: Do not use WARN when encode fails\n\nWhen asn1_encode_sequence() fails, WARN is not the correct solution.\n\n1. asn1_encode_sequence() is not an internal function (located\n in lib/asn1_encode.c).\n2. Location is known, which makes the stack trace useless.\n3. Results a crash if panic_on_warn is set.\n\nIt is also noteworthy that the use of WARN is undocumented, and it\nshould be avoided unless there is a carefully considered rationale to\nuse it.\n\nReplace WARN with pr_err, and print the return value instead, which is\nonly useful piece of information."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: LLAVES: confiable: no usar WARN cuando falla la codificaci\u00f3n Cuando falla asn1_encode_sequence(), WARN no es la soluci\u00f3n correcta. 1. asn1_encode_sequence() no es una funci\u00f3n interna (ubicada en lib/asn1_encode.c). 2. Se conoce la ubicaci\u00f3n, lo que hace que el seguimiento de la pila sea in\u00fatil. 3. Se produce un bloqueo si se configura p\u00e1nico_on_warn. Tambi\u00e9n es digno de menci\u00f3n que el uso de WARN no est\u00e1 documentado y debe evitarse a menos que exista una justificaci\u00f3n cuidadosamente considerada para su uso. Reemplace WARN con pr_err e imprima el valor de retorno, que es solo informaci\u00f3n \u00fatil."}], "id": "CVE-2024-36975", "lastModified": "2025-10-01T15:16:46.040", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-18T20:15:13.340", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/050bf3c793a07f96bd1e2fd62e1447f731ed733b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1c652e1e10676f942149052d9329b8bf2703529a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/681935009fec3fc22af97ee312d4a24ccf3cf087"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/96f650995c70237b061b497c66755e32908f8972"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d32c6e09f7c4bec3ebc4941323f0aa6366bc1487"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ff91cc12faf798f573dab2abc976c1d5b1862fea"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/050bf3c793a07f96bd1e2fd62e1447f731ed733b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1c652e1e10676f942149052d9329b8bf2703529a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/681935009fec3fc22af97ee312d4a24ccf3cf087"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/96f650995c70237b061b497c66755e32908f8972"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d32c6e09f7c4bec3ebc4941323f0aa6366bc1487"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ff91cc12faf798f573dab2abc976c1d5b1862fea"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: KEYS: trusted: Do not use WARN when encode fails", "id": "2293002", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293002"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nKEYS: trusted: Do not use WARN when encode fails\nWhen asn1_encode_sequence() fails, WARN is not the correct solution.\n1. asn1_encode_sequence() is not an internal function (located\nin lib/asn1_encode.c).\n2. Location is known, which makes the stack trace useless.\n3. Results a crash if panic_on_warn is set.\nIt is also noteworthy that the use of WARN is undocumented, and it\nshould be avoided unless there is a carefully considered rationale to\nuse it.\nReplace WARN with pr_err, and print the return value instead, which is\nonly useful piece of information."], "name": "CVE-2024-36975", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-36975\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-36975"], "threat_severity": "Moderate"}