{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-43875", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-17T09:11:59.281Z", "datePublished": "2024-08-21T00:06:27.204Z", "dateUpdated": "2025-05-04T09:28:19.236Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:28:19.236Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Clean up error handling in vpci_scan_bus()\n\nSmatch complains about inconsistent NULL checking in vpci_scan_bus():\n\n drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_bus' could be null (see line 1021)\n\nInstead of printing an error message and then crashing we should return\nan error code and clean up.\n\nAlso the NULL check is reversed so it prints an error for success\ninstead of failure."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/pci/endpoint/functions/pci-epf-vntb.c"], "versions": [{"version": "e2b6ef72b7aea9d7d480d2df499bcd1c93247abb", "lessThan": "24414c842a24d0fd498f9db6d2a762a8dddf1832", "status": "affected", "versionType": "git"}, {"version": "e35f56bb03304abc92c928b641af41ca372966bb", "lessThan": "7d368de78b60088ec9031c60c88976c0063ea4c0", "status": "affected", "versionType": "git"}, {"version": "e35f56bb03304abc92c928b641af41ca372966bb", "lessThan": "0e27e2e8697b8ce96cdef43f135426525d9d1f8f", "status": "affected", "versionType": "git"}, {"version": "e35f56bb03304abc92c928b641af41ca372966bb", "lessThan": "b9e8695246bcfc028341470cbf92630cdc1ba36b", "status": "affected", "versionType": "git"}, {"version": "e35f56bb03304abc92c928b641af41ca372966bb", "lessThan": "8e0f5a96c534f781e8c57ca30459448b3bfe5429", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/pci/endpoint/functions/pci-epf-vntb.c"], "versions": [{"version": "6.0", "status": "affected"}, {"version": "0", "lessThan": "6.0", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.165", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.103", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.44", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.3", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.153", "versionEndExcluding": "5.15.165"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.1.103"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.6.44"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.10.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.11"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/24414c842a24d0fd498f9db6d2a762a8dddf1832"}, {"url": "https://git.kernel.org/stable/c/7d368de78b60088ec9031c60c88976c0063ea4c0"}, {"url": "https://git.kernel.org/stable/c/0e27e2e8697b8ce96cdef43f135426525d9d1f8f"}, {"url": "https://git.kernel.org/stable/c/b9e8695246bcfc028341470cbf92630cdc1ba36b"}, {"url": "https://git.kernel.org/stable/c/8e0f5a96c534f781e8c57ca30459448b3bfe5429"}], "title": "PCI: endpoint: Clean up error handling in vpci_scan_bus()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-43875", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:06:07.224237Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:33:18.016Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-43875", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:06:07.224237Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:22.638Z"}}], "cna": {"title": "PCI: endpoint: Clean up error handling in vpci_scan_bus()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "e2b6ef72b7aea9d7d480d2df499bcd1c93247abb", "lessThan": "24414c842a24d0fd498f9db6d2a762a8dddf1832", "versionType": "git"}, {"status": "affected", "version": "e35f56bb03304abc92c928b641af41ca372966bb", "lessThan": "7d368de78b60088ec9031c60c88976c0063ea4c0", "versionType": "git"}, {"status": "affected", "version": "e35f56bb03304abc92c928b641af41ca372966bb", "lessThan": "0e27e2e8697b8ce96cdef43f135426525d9d1f8f", "versionType": "git"}, {"status": "affected", "version": "e35f56bb03304abc92c928b641af41ca372966bb", "lessThan": "b9e8695246bcfc028341470cbf92630cdc1ba36b", "versionType": "git"}, {"status": "affected", "version": "e35f56bb03304abc92c928b641af41ca372966bb", "lessThan": "8e0f5a96c534f781e8c57ca30459448b3bfe5429", "versionType": "git"}], "programFiles": ["drivers/pci/endpoint/functions/pci-epf-vntb.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.0"}, {"status": "unaffected", "version": "0", "lessThan": "6.0", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.165", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.103", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.44", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.3", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/pci/endpoint/functions/pci-epf-vntb.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/24414c842a24d0fd498f9db6d2a762a8dddf1832"}, {"url": "https://git.kernel.org/stable/c/7d368de78b60088ec9031c60c88976c0063ea4c0"}, {"url": "https://git.kernel.org/stable/c/0e27e2e8697b8ce96cdef43f135426525d9d1f8f"}, {"url": "https://git.kernel.org/stable/c/b9e8695246bcfc028341470cbf92630cdc1ba36b"}, {"url": "https://git.kernel.org/stable/c/8e0f5a96c534f781e8c57ca30459448b3bfe5429"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Clean up error handling in vpci_scan_bus()\n\nSmatch complains about inconsistent NULL checking in vpci_scan_bus():\n\n drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_bus' could be null (see line 1021)\n\nInstead of printing an error message and then crashing we should return\nan error code and clean up.\n\nAlso the NULL check is reversed so it prints an error for success\ninstead of failure."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.165", "versionStartIncluding": "5.15.153"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.103", "versionStartIncluding": "6.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.44", "versionStartIncluding": "6.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10.3", "versionStartIncluding": "6.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.11", "versionStartIncluding": "6.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:28:19.236Z"}}}, "cveMetadata": {"cveId": "CVE-2024-43875", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:28:19.236Z", "dateReserved": "2024-08-17T09:11:59.281Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-21T00:06:27.204Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Clean up error handling in vpci_scan_bus()\n\nSmatch complains about inconsistent NULL checking in vpci_scan_bus():\n\n drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_bus' could be null (see line 1021)\n\nInstead of printing an error message and then crashing we should return\nan error code and clean up.\n\nAlso the NULL check is reversed so it prints an error for success\ninstead of failure."}], "id": "CVE-2024-43875", "lastModified": "2024-08-21T12:30:33.697", "metrics": {}, "published": "2024-08-21T01:15:11.910", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0e27e2e8697b8ce96cdef43f135426525d9d1f8f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/24414c842a24d0fd498f9db6d2a762a8dddf1832"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7d368de78b60088ec9031c60c88976c0063ea4c0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8e0f5a96c534f781e8c57ca30459448b3bfe5429"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b9e8695246bcfc028341470cbf92630cdc1ba36b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: PCI: endpoint: Clean up error handling in vpci_scan_bus()", "id": "2306369", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2306369"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nPCI: endpoint: Clean up error handling in vpci_scan_bus()\nSmatch complains about inconsistent NULL checking in vpci_scan_bus():\ndrivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_bus' could be null (see line 1021)\nInstead of printing an error message and then crashing we should return\nan error code and clean up.\nAlso the NULL check is reversed so it prints an error for success\ninstead of failure."], "name": "CVE-2024-43875", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-43875\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-43875\nhttps://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43875-1257@gregkh/T"], "threat_severity": "Low"}