Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

Vulnerability IntelligenceCVE-2024-52332

CVE-2024-52332

HIGH7.1

igb: Fix potential invalid memory access in igb_init_module()

Published Jan 11, 2025

Modified 5 months ago

Details

In the Linux kernel, the following vulnerability has been resolved:

igb: Fix potential invalid memory access in igb_init_module()

The pci_register_driver() can fail and when this happened, the dca_notifier needs to be unregistered, otherwise the dca_notifier can be called when igb fails to install, resulting to invalid memory access.

References

WEB

https://git.kernel.org/stable/c/0566f83d206c7a864abcd741fe39d6e0ae5eef29

WEB

https://git.kernel.org/stable/c/4458046617dfadc351162dbaea1945c57eebdf36

WEB

https://git.kernel.org/stable/c/4fe517643f529e805bb6b890a4331c100e8f2484

WEB

https://git.kernel.org/stable/c/8009cdcc493fa30d4572016daf2d6999da4d6c54

WEB

https://git.kernel.org/stable/c/992fd34122de377b45cb75b64fc7f17fc1e6ed2f

WEB

https://git.kernel.org/stable/c/e0155b1b1509d0ef4799bd1cd73309ca466df3f3

WEB

https://git.kernel.org/stable/c/f309733a8c9da7d4266a8a3755020b738a570cae

WEB

https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

WEB

https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2024-52332

CVSS Analysis

CVSS v3.1

7.1

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

HighA:H

7.1/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Ecosystems

Timeline

PublishedJan 11, 2025

ModifiedNov 3, 2025

CVE-2024-52332 | Mondoo Vulnerability Intelligence