CVE-2024-36898

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-36898

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36898.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-36898

Downstream

BELL-CVE-2024-36898

DEBIAN-CVE-2024-36898

OESA-2024-1706

OESA-2024-1707

OESA-2024-1766

SUSE-SU-2024:2135-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:0556-1

SUSE-SU-2025:0577-1

SUSE-SU-2025:0577-2

UBUNTU-CVE-2024-36898

USN-6949-1

USN-6949-2

USN-6952-1

USN-6952-2

USN-6955-1

Related

Published

2024-05-30T16:15:13Z

Modified

2025-09-18T14:48:06Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

gpiolib: cdev: fix uninitialised kfifo

If a line is requested with debounce, and that results in debouncing in software, and the line is subsequently reconfigured to enable edge detection then the allocation of the kfifo to contain edge events is overlooked. This results in events being written to and read from an uninitialised kfifo. Read events are returned to userspace.

Initialise the kfifo in the case where the software debounce is already active.

References

Affected packages