Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0472
Vulnerability from certfr_avis - Published: 2024-06-07 - Updated: 2024-06-07
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian bullseye versions ant\u00e9rieures \u00e0 5.10.218-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-36889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36889"
},
{
"name": "CVE-2024-36957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36957"
},
{
"name": "CVE-2024-36939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36939"
},
{
"name": "CVE-2024-36904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36904"
},
{
"name": "CVE-2024-36886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36886"
},
{
"name": "CVE-2024-36959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36959"
},
{
"name": "CVE-2024-36929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36929"
},
{
"name": "CVE-2024-36883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36883"
},
{
"name": "CVE-2024-36031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36031"
},
{
"name": "CVE-2024-36946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36946"
},
{
"name": "CVE-2024-36934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36934"
},
{
"name": "CVE-2023-52585",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52585"
},
{
"name": "CVE-2024-27398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27398"
},
{
"name": "CVE-2024-36017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36017"
},
{
"name": "CVE-2024-27401",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27401"
},
{
"name": "CVE-2024-26900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26900"
},
{
"name": "CVE-2024-36905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36905"
},
{
"name": "CVE-2024-27399",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27399"
},
{
"name": "CVE-2024-35947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35947"
},
{
"name": "CVE-2023-52882",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52882"
},
{
"name": "CVE-2024-35848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35848"
},
{
"name": "CVE-2022-48655",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48655"
},
{
"name": "CVE-2024-36941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36941"
},
{
"name": "CVE-2024-36902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36902"
},
{
"name": "CVE-2024-36919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36919"
},
{
"name": "CVE-2024-36950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36950"
},
{
"name": "CVE-2024-36940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36940"
},
{
"name": "CVE-2024-36916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36916"
},
{
"name": "CVE-2024-36954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36954"
},
{
"name": "CVE-2024-36933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36933"
},
{
"name": "CVE-2024-36953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36953"
}
],
"initial_release_date": "2024-06-07T00:00:00",
"last_revision_date": "2024-06-07T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0472",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": "2024-06-02",
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-5703-1",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00113.html"
}
]
}
CVE-2024-36933 (GCVE-0-2024-36933)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:29 – Updated: 2026-05-11 20:17
VLAI
EPSS
Title
nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
Summary
In the Linux kernel, the following vulnerability has been resolved:
nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
syzbot triggered various splats (see [0] and links) by a crafted GSO
packet of VIRTIO_NET_HDR_GSO_UDP layering the following protocols:
ETH_P_8021AD + ETH_P_NSH + ETH_P_IPV6 + IPPROTO_UDP
NSH can encapsulate IPv4, IPv6, Ethernet, NSH, and MPLS. As the inner
protocol can be Ethernet, NSH GSO handler, nsh_gso_segment(), calls
skb_mac_gso_segment() to invoke inner protocol GSO handlers.
nsh_gso_segment() does the following for the original skb before
calling skb_mac_gso_segment()
1. reset skb->network_header
2. save the original skb->{mac_heaeder,mac_len} in a local variable
3. pull the NSH header
4. resets skb->mac_header
5. set up skb->mac_len and skb->protocol for the inner protocol.
and does the following for the segmented skb
6. set ntohs(ETH_P_NSH) to skb->protocol
7. push the NSH header
8. restore skb->mac_header
9. set skb->mac_header + mac_len to skb->network_header
10. restore skb->mac_len
There are two problems in 6-7 and 8-9.
(a)
After 6 & 7, skb->data points to the NSH header, so the outer header
(ETH_P_8021AD in this case) is stripped when skb is sent out of netdev.
Also, if NSH is encapsulated by NSH + Ethernet (so NSH-Ethernet-NSH),
skb_pull() in the first nsh_gso_segment() will make skb->data point
to the middle of the outer NSH or Ethernet header because the Ethernet
header is not pulled by the second nsh_gso_segment().
(b)
While restoring skb->{mac_header,network_header} in 8 & 9,
nsh_gso_segment() does not assume that the data in the linear
buffer is shifted.
However, udp6_ufo_fragment() could shift the data and change
skb->mac_header accordingly as demonstrated by syzbot.
If this happens, even the restored skb->mac_header points to
the middle of the outer header.
It seems nsh_gso_segment() has never worked with outer headers so far.
At the end of nsh_gso_segment(), the outer header must be restored for
the segmented skb, instead of the NSH header.
To do that, let's calculate the outer header position relatively from
the inner header and set skb->{data,mac_header,protocol} properly.
[0]:
BUG: KMSAN: uninit-value in ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]
BUG: KMSAN: uninit-value in ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]
BUG: KMSAN: uninit-value in ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668
ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]
ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]
ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668
ipvlan_start_xmit+0x5c/0x1a0 drivers/net/ipvlan/ipvlan_main.c:222
__netdev_start_xmit include/linux/netdevice.h:4989 [inline]
netdev_start_xmit include/linux/netdevice.h:5003 [inline]
xmit_one net/core/dev.c:3547 [inline]
dev_hard_start_xmit+0x244/0xa10 net/core/dev.c:3563
__dev_queue_xmit+0x33ed/0x51c0 net/core/dev.c:4351
dev_queue_xmit include/linux/netdevice.h:3171 [inline]
packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276
packet_snd net/packet/af_packet.c:3081 [inline]
packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
__sys_sendto+0x735/0xa10 net/socket.c:2191
__do_sys_sendto net/socket.c:2203 [inline]
__se_sys_sendto net/socket.c:2199 [inline]
__x64_sys_sendto+0x125/0x1c0 net/socket.c:2199
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
slab_post_alloc_hook mm/slub.c:3819 [inline]
slab_alloc_node mm/slub.c:3860 [inline]
__do_kmalloc_node mm/slub.c:3980 [inline]
__kmalloc_node_track_caller+0x705/0x1000 mm/slub.c:4001
kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582
__
---truncated---
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
11 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
c411ed854584a71b0e86ac3019b60e4789d88086 , < a7c2c3c1caabcb4a3d6c47284c397507aaf54fe9
(git)
Affected: c411ed854584a71b0e86ac3019b60e4789d88086 , < 46134031c20fd313d03b90169d64b2e05ca6b65c (git) Affected: c411ed854584a71b0e86ac3019b60e4789d88086 , < bbccf0caef2fa917d6d0692385a06ce3c262a216 (git) Affected: c411ed854584a71b0e86ac3019b60e4789d88086 , < 5a4603fbc285752d19e4b415466db18ef3617e4a (git) Affected: c411ed854584a71b0e86ac3019b60e4789d88086 , < 37ed6f244ec5bda2e90b085084e322ea55d0aaa2 (git) Affected: c411ed854584a71b0e86ac3019b60e4789d88086 , < 696d18bb59727a2e0526c0802a812620be1c9340 (git) Affected: c411ed854584a71b0e86ac3019b60e4789d88086 , < 29a07f2ee4d273760c2acbfc756e29eccd82470a (git) Affected: c411ed854584a71b0e86ac3019b60e4789d88086 , < 4b911a9690d72641879ea6d13cce1de31d346d79 (git) |
|
| Linux | Linux |
Affected:
4.14
Unaffected: 0 , < 4.14 (semver) Unaffected: 4.19.314 , ≤ 4.19.* (semver) Unaffected: 5.4.276 , ≤ 5.4.* (semver) Unaffected: 5.10.217 , ≤ 5.10.* (semver) Unaffected: 5.15.159 , ≤ 5.15.* (semver) Unaffected: 6.1.91 , ≤ 6.1.* (semver) Unaffected: 6.6.31 , ≤ 6.6.* (semver) Unaffected: 6.8.10 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:40:25.095830Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:53.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-12T16:02:59.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a7c2c3c1caabcb4a3d6c47284c397507aaf54fe9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/46134031c20fd313d03b90169d64b2e05ca6b65c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bbccf0caef2fa917d6d0692385a06ce3c262a216"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a4603fbc285752d19e4b415466db18ef3617e4a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/37ed6f244ec5bda2e90b085084e322ea55d0aaa2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/696d18bb59727a2e0526c0802a812620be1c9340"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29a07f2ee4d273760c2acbfc756e29eccd82470a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b911a9690d72641879ea6d13cce1de31d346d79"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240912-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/nsh/nsh.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a7c2c3c1caabcb4a3d6c47284c397507aaf54fe9",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
},
{
"lessThan": "46134031c20fd313d03b90169d64b2e05ca6b65c",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
},
{
"lessThan": "bbccf0caef2fa917d6d0692385a06ce3c262a216",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
},
{
"lessThan": "5a4603fbc285752d19e4b415466db18ef3617e4a",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
},
{
"lessThan": "37ed6f244ec5bda2e90b085084e322ea55d0aaa2",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
},
{
"lessThan": "696d18bb59727a2e0526c0802a812620be1c9340",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
},
{
"lessThan": "29a07f2ee4d273760c2acbfc756e29eccd82470a",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
},
{
"lessThan": "4b911a9690d72641879ea6d13cce1de31d346d79",
"status": "affected",
"version": "c411ed854584a71b0e86ac3019b60e4789d88086",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/nsh/nsh.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnsh: Restore skb-\u003e{protocol,data,mac_header} for outer header in nsh_gso_segment().\n\nsyzbot triggered various splats (see [0] and links) by a crafted GSO\npacket of VIRTIO_NET_HDR_GSO_UDP layering the following protocols:\n\n ETH_P_8021AD + ETH_P_NSH + ETH_P_IPV6 + IPPROTO_UDP\n\nNSH can encapsulate IPv4, IPv6, Ethernet, NSH, and MPLS. As the inner\nprotocol can be Ethernet, NSH GSO handler, nsh_gso_segment(), calls\nskb_mac_gso_segment() to invoke inner protocol GSO handlers.\n\nnsh_gso_segment() does the following for the original skb before\ncalling skb_mac_gso_segment()\n\n 1. reset skb-\u003enetwork_header\n 2. save the original skb-\u003e{mac_heaeder,mac_len} in a local variable\n 3. pull the NSH header\n 4. resets skb-\u003emac_header\n 5. set up skb-\u003emac_len and skb-\u003eprotocol for the inner protocol.\n\nand does the following for the segmented skb\n\n 6. set ntohs(ETH_P_NSH) to skb-\u003eprotocol\n 7. push the NSH header\n 8. restore skb-\u003emac_header\n 9. set skb-\u003emac_header + mac_len to skb-\u003enetwork_header\n 10. restore skb-\u003emac_len\n\nThere are two problems in 6-7 and 8-9.\n\n (a)\n After 6 \u0026 7, skb-\u003edata points to the NSH header, so the outer header\n (ETH_P_8021AD in this case) is stripped when skb is sent out of netdev.\n\n Also, if NSH is encapsulated by NSH + Ethernet (so NSH-Ethernet-NSH),\n skb_pull() in the first nsh_gso_segment() will make skb-\u003edata point\n to the middle of the outer NSH or Ethernet header because the Ethernet\n header is not pulled by the second nsh_gso_segment().\n\n (b)\n While restoring skb-\u003e{mac_header,network_header} in 8 \u0026 9,\n nsh_gso_segment() does not assume that the data in the linear\n buffer is shifted.\n\n However, udp6_ufo_fragment() could shift the data and change\n skb-\u003emac_header accordingly as demonstrated by syzbot.\n\n If this happens, even the restored skb-\u003emac_header points to\n the middle of the outer header.\n\nIt seems nsh_gso_segment() has never worked with outer headers so far.\n\nAt the end of nsh_gso_segment(), the outer header must be restored for\nthe segmented skb, instead of the NSH header.\n\nTo do that, let\u0027s calculate the outer header position relatively from\nthe inner header and set skb-\u003e{data,mac_header,protocol} properly.\n\n[0]:\nBUG: KMSAN: uninit-value in ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]\nBUG: KMSAN: uninit-value in ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]\nBUG: KMSAN: uninit-value in ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668\n ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]\n ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]\n ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668\n ipvlan_start_xmit+0x5c/0x1a0 drivers/net/ipvlan/ipvlan_main.c:222\n __netdev_start_xmit include/linux/netdevice.h:4989 [inline]\n netdev_start_xmit include/linux/netdevice.h:5003 [inline]\n xmit_one net/core/dev.c:3547 [inline]\n dev_hard_start_xmit+0x244/0xa10 net/core/dev.c:3563\n __dev_queue_xmit+0x33ed/0x51c0 net/core/dev.c:4351\n dev_queue_xmit include/linux/netdevice.h:3171 [inline]\n packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3081 [inline]\n packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3819 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n __do_kmalloc_node mm/slub.c:3980 [inline]\n __kmalloc_node_track_caller+0x705/0x1000 mm/slub.c:4001\n kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582\n __\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:17:18.281Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a7c2c3c1caabcb4a3d6c47284c397507aaf54fe9"
},
{
"url": "https://git.kernel.org/stable/c/46134031c20fd313d03b90169d64b2e05ca6b65c"
},
{
"url": "https://git.kernel.org/stable/c/bbccf0caef2fa917d6d0692385a06ce3c262a216"
},
{
"url": "https://git.kernel.org/stable/c/5a4603fbc285752d19e4b415466db18ef3617e4a"
},
{
"url": "https://git.kernel.org/stable/c/37ed6f244ec5bda2e90b085084e322ea55d0aaa2"
},
{
"url": "https://git.kernel.org/stable/c/696d18bb59727a2e0526c0802a812620be1c9340"
},
{
"url": "https://git.kernel.org/stable/c/29a07f2ee4d273760c2acbfc756e29eccd82470a"
},
{
"url": "https://git.kernel.org/stable/c/4b911a9690d72641879ea6d13cce1de31d346d79"
}
],
"title": "nsh: Restore skb-\u003e{protocol,data,mac_header} for outer header in nsh_gso_segment().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36933",
"datePublished": "2024-05-30T15:29:23.764Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2026-05-11T20:17:18.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36934 (GCVE-0-2024-36934)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:29 – Updated: 2026-05-11 20:17
VLAI
EPSS
Title
bna: ensure the copied buf is NUL terminated
Summary
In the Linux kernel, the following vulnerability has been resolved:
bna: ensure the copied buf is NUL terminated
Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from
userspace to that buffer. Later, we use sscanf on this buffer but we don't
ensure that the string is terminated inside the buffer, this can lead to
OOB read when using sscanf. Fix this issue by using memdup_user_nul
instead of memdup_user.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
11 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
7afc5dbde09104b023ce04465ba71aaba0fc4346 , < bd502ba81cd1d515deddad7dbc6b812b14b97147
(git)
Affected: 7afc5dbde09104b023ce04465ba71aaba0fc4346 , < 80578ec10335bc15ac35fd1703c22aab34e39fdd (git) Affected: 7afc5dbde09104b023ce04465ba71aaba0fc4346 , < 6f0f19b79c085cc891c418b768f26f7004bd51a4 (git) Affected: 7afc5dbde09104b023ce04465ba71aaba0fc4346 , < 0f560240b4cc25d3de527deb257cdf072c0102a9 (git) Affected: 7afc5dbde09104b023ce04465ba71aaba0fc4346 , < 06cb37e2ba6441888f24566a997481d4197b4e32 (git) Affected: 7afc5dbde09104b023ce04465ba71aaba0fc4346 , < e19478763154674c084defc62ae0d64d79657f91 (git) Affected: 7afc5dbde09104b023ce04465ba71aaba0fc4346 , < 1518b2b498a0109eb6b15755169d3b6607356b35 (git) Affected: 7afc5dbde09104b023ce04465ba71aaba0fc4346 , < 8c34096c7fdf272fd4c0c37fe411cd2e3ed0ee9f (git) |
|
| Linux | Linux |
Affected:
3.3
Unaffected: 0 , < 3.3 (semver) Unaffected: 4.19.314 , ≤ 4.19.* (semver) Unaffected: 5.4.276 , ≤ 5.4.* (semver) Unaffected: 5.10.217 , ≤ 5.10.* (semver) Unaffected: 5.15.159 , ≤ 5.15.* (semver) Unaffected: 6.1.91 , ≤ 6.1.* (semver) Unaffected: 6.6.31 , ≤ 6.6.* (semver) Unaffected: 6.8.10 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-09-12T16:03:00.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bd502ba81cd1d515deddad7dbc6b812b14b97147"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80578ec10335bc15ac35fd1703c22aab34e39fdd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f0f19b79c085cc891c418b768f26f7004bd51a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f560240b4cc25d3de527deb257cdf072c0102a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06cb37e2ba6441888f24566a997481d4197b4e32"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e19478763154674c084defc62ae0d64d79657f91"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1518b2b498a0109eb6b15755169d3b6607356b35"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c34096c7fdf272fd4c0c37fe411cd2e3ed0ee9f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240912-0007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:15:51.492467Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:36.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/brocade/bna/bnad_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bd502ba81cd1d515deddad7dbc6b812b14b97147",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "80578ec10335bc15ac35fd1703c22aab34e39fdd",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "6f0f19b79c085cc891c418b768f26f7004bd51a4",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "0f560240b4cc25d3de527deb257cdf072c0102a9",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "06cb37e2ba6441888f24566a997481d4197b4e32",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "e19478763154674c084defc62ae0d64d79657f91",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "1518b2b498a0109eb6b15755169d3b6607356b35",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
},
{
"lessThan": "8c34096c7fdf272fd4c0c37fe411cd2e3ed0ee9f",
"status": "affected",
"version": "7afc5dbde09104b023ce04465ba71aaba0fc4346",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/brocade/bna/bnad_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.3"
},
{
"lessThan": "3.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: ensure the copied buf is NUL terminated\n\nCurrently, we allocate a nbytes-sized kernel buffer and copy nbytes from\nuserspace to that buffer. Later, we use sscanf on this buffer but we don\u0027t\nensure that the string is terminated inside the buffer, this can lead to\nOOB read when using sscanf. Fix this issue by using memdup_user_nul\ninstead of memdup_user."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:17:19.443Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bd502ba81cd1d515deddad7dbc6b812b14b97147"
},
{
"url": "https://git.kernel.org/stable/c/80578ec10335bc15ac35fd1703c22aab34e39fdd"
},
{
"url": "https://git.kernel.org/stable/c/6f0f19b79c085cc891c418b768f26f7004bd51a4"
},
{
"url": "https://git.kernel.org/stable/c/0f560240b4cc25d3de527deb257cdf072c0102a9"
},
{
"url": "https://git.kernel.org/stable/c/06cb37e2ba6441888f24566a997481d4197b4e32"
},
{
"url": "https://git.kernel.org/stable/c/e19478763154674c084defc62ae0d64d79657f91"
},
{
"url": "https://git.kernel.org/stable/c/1518b2b498a0109eb6b15755169d3b6607356b35"
},
{
"url": "https://git.kernel.org/stable/c/8c34096c7fdf272fd4c0c37fe411cd2e3ed0ee9f"
}
],
"title": "bna: ensure the copied buf is NUL terminated",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36934",
"datePublished": "2024-05-30T15:29:24.357Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2026-05-11T20:17:19.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36939 (GCVE-0-2024-36939)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:29 – Updated: 2026-05-12 11:54
VLAI
EPSS
Title
nfs: Handle error of rpc_proc_register() in nfs_net_init().
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfs: Handle error of rpc_proc_register() in nfs_net_init().
syzkaller reported a warning [0] triggered while destroying immature
netns.
rpc_proc_register() was called in init_nfs_fs(), but its error
has been ignored since at least the initial commit 1da177e4c3f4
("Linux-2.6.12-rc2").
Recently, commit d47151b79e32 ("nfs: expose /proc/net/sunrpc/nfs
in net namespaces") converted the procfs to per-netns and made
the problem more visible.
Even when rpc_proc_register() fails, nfs_net_init() could succeed,
and thus nfs_net_exit() will be called while destroying the netns.
Then, remove_proc_entry() will be called for non-existing proc
directory and trigger the warning below.
Let's handle the error of rpc_proc_register() properly in nfs_net_init().
[0]:
name 'nfs'
WARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711
Modules linked in:
CPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
RIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711
Code: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff <0f> 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb
RSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c
RDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc
R13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8
FS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
<TASK>
rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310
nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438
ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170
setup_net+0x46c/0x660 net/core/net_namespace.c:372
copy_net_ns+0x244/0x590 net/core/net_namespace.c:505
create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110
unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228
ksys_unshare+0x342/0x760 kernel/fork.c:3322
__do_sys_unshare kernel/fork.c:3393 [inline]
__se_sys_unshare kernel/fork.c:3391 [inline]
__x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x46/0x4e
RIP: 0033:0x7f30d0febe5d
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48
RSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600
RBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000
</TASK>
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b33ca18c3a1190208dfd569c4fa8a2f93084709f
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d4891d817350c67392d4731536945f3809a2a0ba (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ea6ce93327bd2c8a0c6cf6f2f0e800f3b778f021 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8ae63bd858691bee0e2a92571f2fbb36a4d86d65 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8a1f89c98dcc542dd6d287e573523714702e0f9c (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 9909dde2e53a19585212c32fe3eda482b5faaaa3 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 24457f1be29f1e7042e50a7749f5c2dde8c433c8 (git) |
|
| Linux | Linux |
Affected:
2.6.12
Unaffected: 0 , < 2.6.12 (semver) Unaffected: 5.4.276 , ≤ 5.4.* (semver) Unaffected: 5.10.217 , ≤ 5.10.* (semver) Unaffected: 5.15.159 , ≤ 5.15.* (semver) Unaffected: 6.1.91 , ≤ 6.1.* (semver) Unaffected: 6.6.31 , ≤ 6.6.* (semver) Unaffected: 6.8.10 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T18:55:43.324430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:06.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b33ca18c3a1190208dfd569c4fa8a2f93084709f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d4891d817350c67392d4731536945f3809a2a0ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea6ce93327bd2c8a0c6cf6f2f0e800f3b778f021"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ae63bd858691bee0e2a92571f2fbb36a4d86d65"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a1f89c98dcc542dd6d287e573523714702e0f9c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9909dde2e53a19585212c32fe3eda482b5faaaa3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24457f1be29f1e7042e50a7749f5c2dde8c433c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:54:17.924Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b33ca18c3a1190208dfd569c4fa8a2f93084709f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d4891d817350c67392d4731536945f3809a2a0ba",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ea6ce93327bd2c8a0c6cf6f2f0e800f3b778f021",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8ae63bd858691bee0e2a92571f2fbb36a4d86d65",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8a1f89c98dcc542dd6d287e573523714702e0f9c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9909dde2e53a19585212c32fe3eda482b5faaaa3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "24457f1be29f1e7042e50a7749f5c2dde8c433c8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Handle error of rpc_proc_register() in nfs_net_init().\n\nsyzkaller reported a warning [0] triggered while destroying immature\nnetns.\n\nrpc_proc_register() was called in init_nfs_fs(), but its error\nhas been ignored since at least the initial commit 1da177e4c3f4\n(\"Linux-2.6.12-rc2\").\n\nRecently, commit d47151b79e32 (\"nfs: expose /proc/net/sunrpc/nfs\nin net namespaces\") converted the procfs to per-netns and made\nthe problem more visible.\n\nEven when rpc_proc_register() fails, nfs_net_init() could succeed,\nand thus nfs_net_exit() will be called while destroying the netns.\n\nThen, remove_proc_entry() will be called for non-existing proc\ndirectory and trigger the warning below.\n\nLet\u0027s handle the error of rpc_proc_register() properly in nfs_net_init().\n\n[0]:\nname \u0027nfs\u0027\nWARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nModules linked in:\nCPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nCode: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff \u003c0f\u003e 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb\nRSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c\nRDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc\nR13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8\nFS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310\n nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438\n ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170\n setup_net+0x46c/0x660 net/core/net_namespace.c:372\n copy_net_ns+0x244/0x590 net/core/net_namespace.c:505\n create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228\n ksys_unshare+0x342/0x760 kernel/fork.c:3322\n __do_sys_unshare kernel/fork.c:3393 [inline]\n __se_sys_unshare kernel/fork.c:3391 [inline]\n __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0x7f30d0febe5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600\nRBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002\nR13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:17:25.913Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b33ca18c3a1190208dfd569c4fa8a2f93084709f"
},
{
"url": "https://git.kernel.org/stable/c/d4891d817350c67392d4731536945f3809a2a0ba"
},
{
"url": "https://git.kernel.org/stable/c/ea6ce93327bd2c8a0c6cf6f2f0e800f3b778f021"
},
{
"url": "https://git.kernel.org/stable/c/8ae63bd858691bee0e2a92571f2fbb36a4d86d65"
},
{
"url": "https://git.kernel.org/stable/c/8a1f89c98dcc542dd6d287e573523714702e0f9c"
},
{
"url": "https://git.kernel.org/stable/c/9909dde2e53a19585212c32fe3eda482b5faaaa3"
},
{
"url": "https://git.kernel.org/stable/c/24457f1be29f1e7042e50a7749f5c2dde8c433c8"
}
],
"title": "nfs: Handle error of rpc_proc_register() in nfs_net_init().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36939",
"datePublished": "2024-05-30T15:29:27.517Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2026-05-12T11:54:17.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36940 (GCVE-0-2024-36940)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:29 – Updated: 2026-05-12 11:54
VLAI
EPSS
Title
pinctrl: core: delete incorrect free in pinctrl_enable()
Summary
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: core: delete incorrect free in pinctrl_enable()
The "pctldev" struct is allocated in devm_pinctrl_register_and_init().
It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(),
so freeing it in pinctrl_enable() will lead to a double free.
The devm_pinctrl_dev_release() function frees the pindescs and destroys
the mutex as well.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
12 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
6118714275f0a313ecc296a87ed1af32d9691bed , < 735f4c6b6771eafe336404c157ca683ad72a040d
(git)
Affected: 6118714275f0a313ecc296a87ed1af32d9691bed , < cdaa171473d98962ae86f2a663d398fda2fbeefd (git) Affected: 6118714275f0a313ecc296a87ed1af32d9691bed , < 288bc4aa75f150d6f1ee82dd43c6da1b438b6068 (git) Affected: 6118714275f0a313ecc296a87ed1af32d9691bed , < 41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca (git) Affected: 6118714275f0a313ecc296a87ed1af32d9691bed , < ac7d65795827dc0cf7662384ed27caf4066bd72e (git) Affected: 6118714275f0a313ecc296a87ed1af32d9691bed , < 558c8039fdf596a584a92c171cbf3298919c448c (git) Affected: 6118714275f0a313ecc296a87ed1af32d9691bed , < f9f1e321d53e4c5b666b66e5b43da29841fb55ba (git) Affected: 6118714275f0a313ecc296a87ed1af32d9691bed , < 5038a66dad0199de60e5671603ea6623eb9e5c79 (git) |
|
| Linux | Linux |
Affected:
4.11
Unaffected: 0 , < 4.11 (semver) Unaffected: 4.19.314 , ≤ 4.19.* (semver) Unaffected: 5.4.276 , ≤ 5.4.* (semver) Unaffected: 5.10.217 , ≤ 5.10.* (semver) Unaffected: 5.15.159 , ≤ 5.15.* (semver) Unaffected: 6.1.91 , ≤ 6.1.* (semver) Unaffected: 6.6.31 , ≤ 6.6.* (semver) Unaffected: 6.8.10 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V3.1
(custom)
|
|
| Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family |
Unaffected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 family |
Affected:
0 , < V3.1
(custom)
|
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T14:25:26.979822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T14:25:33.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/735f4c6b6771eafe336404c157ca683ad72a040d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cdaa171473d98962ae86f2a663d398fda2fbeefd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/288bc4aa75f150d6f1ee82dd43c6da1b438b6068"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac7d65795827dc0cf7662384ed27caf4066bd72e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/558c8039fdf596a584a92c171cbf3298919c448c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f9f1e321d53e4c5b666b66e5b43da29841fb55ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5038a66dad0199de60e5671603ea6623eb9e5c79"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:54:19.300Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "735f4c6b6771eafe336404c157ca683ad72a040d",
"status": "affected",
"version": "6118714275f0a313ecc296a87ed1af32d9691bed",
"versionType": "git"
},
{
"lessThan": "cdaa171473d98962ae86f2a663d398fda2fbeefd",
"status": "affected",
"version": "6118714275f0a313ecc296a87ed1af32d9691bed",
"versionType": "git"
},
{
"lessThan": "288bc4aa75f150d6f1ee82dd43c6da1b438b6068",
"status": "affected",
"version": "6118714275f0a313ecc296a87ed1af32d9691bed",
"versionType": "git"
},
{
"lessThan": "41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca",
"status": "affected",
"version": "6118714275f0a313ecc296a87ed1af32d9691bed",
"versionType": "git"
},
{
"lessThan": "ac7d65795827dc0cf7662384ed27caf4066bd72e",
"status": "affected",
"version": "6118714275f0a313ecc296a87ed1af32d9691bed",
"versionType": "git"
},
{
"lessThan": "558c8039fdf596a584a92c171cbf3298919c448c",
"status": "affected",
"version": "6118714275f0a313ecc296a87ed1af32d9691bed",
"versionType": "git"
},
{
"lessThan": "f9f1e321d53e4c5b666b66e5b43da29841fb55ba",
"status": "affected",
"version": "6118714275f0a313ecc296a87ed1af32d9691bed",
"versionType": "git"
},
{
"lessThan": "5038a66dad0199de60e5671603ea6623eb9e5c79",
"status": "affected",
"version": "6118714275f0a313ecc296a87ed1af32d9691bed",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: core: delete incorrect free in pinctrl_enable()\n\nThe \"pctldev\" struct is allocated in devm_pinctrl_register_and_init().\nIt\u0027s a devm_ managed pointer that is freed by devm_pinctrl_dev_release(),\nso freeing it in pinctrl_enable() will lead to a double free.\n\nThe devm_pinctrl_dev_release() function frees the pindescs and destroys\nthe mutex as well."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:17:27.126Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/735f4c6b6771eafe336404c157ca683ad72a040d"
},
{
"url": "https://git.kernel.org/stable/c/cdaa171473d98962ae86f2a663d398fda2fbeefd"
},
{
"url": "https://git.kernel.org/stable/c/288bc4aa75f150d6f1ee82dd43c6da1b438b6068"
},
{
"url": "https://git.kernel.org/stable/c/41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca"
},
{
"url": "https://git.kernel.org/stable/c/ac7d65795827dc0cf7662384ed27caf4066bd72e"
},
{
"url": "https://git.kernel.org/stable/c/558c8039fdf596a584a92c171cbf3298919c448c"
},
{
"url": "https://git.kernel.org/stable/c/f9f1e321d53e4c5b666b66e5b43da29841fb55ba"
},
{
"url": "https://git.kernel.org/stable/c/5038a66dad0199de60e5671603ea6623eb9e5c79"
}
],
"title": "pinctrl: core: delete incorrect free in pinctrl_enable()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36940",
"datePublished": "2024-05-30T15:29:28.101Z",
"dateReserved": "2024-05-30T15:25:07.072Z",
"dateUpdated": "2026-05-12T11:54:19.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36941 (GCVE-0-2024-36941)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:29 – Updated: 2026-05-11 20:17
VLAI
EPSS
Title
wifi: nl80211: don't free NULL coalescing rule
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: nl80211: don't free NULL coalescing rule
If the parsing fails, we can dereference a NULL pointer here.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
be29b99a9b51b0338eea3c66a58de53bbd01de24 , < 327382dc0f16b268950b96e0052595efd80f7b0a
(git)
Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < 97792d0611ae2e6fe3ccefb0a94a1d802317c457 (git) Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < 5a730a161ac2290d46d49be76b2b1aee8d2eb307 (git) Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < ad12c74e953b68ad85c78adc6408ed8435c64af4 (git) Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < b0db4caa10f2e4e811cf88744fbf0d074b67ec1f (git) Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < 244822c09b4f9aedfb5977f03c0deeb39da8ec7d (git) Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < f92772a642485394db5c9a17bd0ee73fc6902383 (git) Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < 801ea33ae82d6a9d954074fbcf8ea9d18f1543a7 (git) |
|
| Linux | Linux |
Affected:
3.12
Unaffected: 0 , < 3.12 (semver) Unaffected: 4.19.314 , ≤ 4.19.* (semver) Unaffected: 5.4.276 , ≤ 5.4.* (semver) Unaffected: 5.10.217 , ≤ 5.10.* (semver) Unaffected: 5.15.159 , ≤ 5.15.* (semver) Unaffected: 6.1.91 , ≤ 6.1.* (semver) Unaffected: 6.6.31 , ≤ 6.6.* (semver) Unaffected: 6.8.10 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T18:57:12.725668Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T14:17:10.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/327382dc0f16b268950b96e0052595efd80f7b0a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97792d0611ae2e6fe3ccefb0a94a1d802317c457"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a730a161ac2290d46d49be76b2b1aee8d2eb307"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad12c74e953b68ad85c78adc6408ed8435c64af4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b0db4caa10f2e4e811cf88744fbf0d074b67ec1f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/244822c09b4f9aedfb5977f03c0deeb39da8ec7d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f92772a642485394db5c9a17bd0ee73fc6902383"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/801ea33ae82d6a9d954074fbcf8ea9d18f1543a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/wireless/nl80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "327382dc0f16b268950b96e0052595efd80f7b0a",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
},
{
"lessThan": "97792d0611ae2e6fe3ccefb0a94a1d802317c457",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
},
{
"lessThan": "5a730a161ac2290d46d49be76b2b1aee8d2eb307",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
},
{
"lessThan": "ad12c74e953b68ad85c78adc6408ed8435c64af4",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
},
{
"lessThan": "b0db4caa10f2e4e811cf88744fbf0d074b67ec1f",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
},
{
"lessThan": "244822c09b4f9aedfb5977f03c0deeb39da8ec7d",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
},
{
"lessThan": "f92772a642485394db5c9a17bd0ee73fc6902383",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
},
{
"lessThan": "801ea33ae82d6a9d954074fbcf8ea9d18f1543a7",
"status": "affected",
"version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/wireless/nl80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.12"
},
{
"lessThan": "3.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: don\u0027t free NULL coalescing rule\n\nIf the parsing fails, we can dereference a NULL pointer here."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:17:28.370Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/327382dc0f16b268950b96e0052595efd80f7b0a"
},
{
"url": "https://git.kernel.org/stable/c/97792d0611ae2e6fe3ccefb0a94a1d802317c457"
},
{
"url": "https://git.kernel.org/stable/c/5a730a161ac2290d46d49be76b2b1aee8d2eb307"
},
{
"url": "https://git.kernel.org/stable/c/ad12c74e953b68ad85c78adc6408ed8435c64af4"
},
{
"url": "https://git.kernel.org/stable/c/b0db4caa10f2e4e811cf88744fbf0d074b67ec1f"
},
{
"url": "https://git.kernel.org/stable/c/244822c09b4f9aedfb5977f03c0deeb39da8ec7d"
},
{
"url": "https://git.kernel.org/stable/c/f92772a642485394db5c9a17bd0ee73fc6902383"
},
{
"url": "https://git.kernel.org/stable/c/801ea33ae82d6a9d954074fbcf8ea9d18f1543a7"
}
],
"title": "wifi: nl80211: don\u0027t free NULL coalescing rule",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36941",
"datePublished": "2024-05-30T15:29:28.687Z",
"dateReserved": "2024-05-30T15:25:07.072Z",
"dateUpdated": "2026-05-11T20:17:28.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36946 (GCVE-0-2024-36946)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:35 – Updated: 2026-05-11 20:17
VLAI
EPSS
Title
phonet: fix rtm_phonet_notify() skb allocation
Summary
In the Linux kernel, the following vulnerability has been resolved:
phonet: fix rtm_phonet_notify() skb allocation
fill_route() stores three components in the skb:
- struct rtmsg
- RTA_DST (u8)
- RTA_OIF (u32)
Therefore, rtm_phonet_notify() should use
NLMSG_ALIGN(sizeof(struct rtmsg)) +
nla_total_size(1) +
nla_total_size(4)
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
11 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
f062f41d06575744b9eaf725eef8a5d3b5f5b7ca , < ec1f71c05caeba0f814df77e0f511d8b4618623a
(git)
Affected: f062f41d06575744b9eaf725eef8a5d3b5f5b7ca , < dc6beac059f0331de97155a89d84058d4a9e49c7 (git) Affected: f062f41d06575744b9eaf725eef8a5d3b5f5b7ca , < f085e02f0a32f6dfcfabc6535c9c4a1707cef86b (git) Affected: f062f41d06575744b9eaf725eef8a5d3b5f5b7ca , < 4ff334cade9dae50e4be387f71e94fae634aa9b4 (git) Affected: f062f41d06575744b9eaf725eef8a5d3b5f5b7ca , < 728a83160f98ee6b60df0d890141b9b7240182fe (git) Affected: f062f41d06575744b9eaf725eef8a5d3b5f5b7ca , < ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00 (git) Affected: f062f41d06575744b9eaf725eef8a5d3b5f5b7ca , < 9a77226440008cf04ba68faf641a2d50f4998137 (git) Affected: f062f41d06575744b9eaf725eef8a5d3b5f5b7ca , < d8cac8568618dcb8a51af3db1103e8d4cc4aeea7 (git) |
|
| Linux | Linux |
Affected:
2.6.33
Unaffected: 0 , < 2.6.33 (semver) Unaffected: 4.19.314 , ≤ 4.19.* (semver) Unaffected: 5.4.276 , ≤ 5.4.* (semver) Unaffected: 5.10.217 , ≤ 5.10.* (semver) Unaffected: 5.15.159 , ≤ 5.15.* (semver) Unaffected: 6.1.91 , ≤ 6.1.* (semver) Unaffected: 6.6.31 , ≤ 6.6.* (semver) Unaffected: 6.8.10 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-10-04T15:02:48.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec1f71c05caeba0f814df77e0f511d8b4618623a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dc6beac059f0331de97155a89d84058d4a9e49c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f085e02f0a32f6dfcfabc6535c9c4a1707cef86b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4ff334cade9dae50e4be387f71e94fae634aa9b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/728a83160f98ee6b60df0d890141b9b7240182fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a77226440008cf04ba68faf641a2d50f4998137"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d8cac8568618dcb8a51af3db1103e8d4cc4aeea7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241004-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:15:45.186553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:59.537Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/phonet/pn_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ec1f71c05caeba0f814df77e0f511d8b4618623a",
"status": "affected",
"version": "f062f41d06575744b9eaf725eef8a5d3b5f5b7ca",
"versionType": "git"
},
{
"lessThan": "dc6beac059f0331de97155a89d84058d4a9e49c7",
"status": "affected",
"version": "f062f41d06575744b9eaf725eef8a5d3b5f5b7ca",
"versionType": "git"
},
{
"lessThan": "f085e02f0a32f6dfcfabc6535c9c4a1707cef86b",
"status": "affected",
"version": "f062f41d06575744b9eaf725eef8a5d3b5f5b7ca",
"versionType": "git"
},
{
"lessThan": "4ff334cade9dae50e4be387f71e94fae634aa9b4",
"status": "affected",
"version": "f062f41d06575744b9eaf725eef8a5d3b5f5b7ca",
"versionType": "git"
},
{
"lessThan": "728a83160f98ee6b60df0d890141b9b7240182fe",
"status": "affected",
"version": "f062f41d06575744b9eaf725eef8a5d3b5f5b7ca",
"versionType": "git"
},
{
"lessThan": "ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00",
"status": "affected",
"version": "f062f41d06575744b9eaf725eef8a5d3b5f5b7ca",
"versionType": "git"
},
{
"lessThan": "9a77226440008cf04ba68faf641a2d50f4998137",
"status": "affected",
"version": "f062f41d06575744b9eaf725eef8a5d3b5f5b7ca",
"versionType": "git"
},
{
"lessThan": "d8cac8568618dcb8a51af3db1103e8d4cc4aeea7",
"status": "affected",
"version": "f062f41d06575744b9eaf725eef8a5d3b5f5b7ca",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/phonet/pn_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.33"
},
{
"lessThan": "2.6.33",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphonet: fix rtm_phonet_notify() skb allocation\n\nfill_route() stores three components in the skb:\n\n- struct rtmsg\n- RTA_DST (u8)\n- RTA_OIF (u32)\n\nTherefore, rtm_phonet_notify() should use\n\nNLMSG_ALIGN(sizeof(struct rtmsg)) +\nnla_total_size(1) +\nnla_total_size(4)"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:17:33.286Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ec1f71c05caeba0f814df77e0f511d8b4618623a"
},
{
"url": "https://git.kernel.org/stable/c/dc6beac059f0331de97155a89d84058d4a9e49c7"
},
{
"url": "https://git.kernel.org/stable/c/f085e02f0a32f6dfcfabc6535c9c4a1707cef86b"
},
{
"url": "https://git.kernel.org/stable/c/4ff334cade9dae50e4be387f71e94fae634aa9b4"
},
{
"url": "https://git.kernel.org/stable/c/728a83160f98ee6b60df0d890141b9b7240182fe"
},
{
"url": "https://git.kernel.org/stable/c/ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00"
},
{
"url": "https://git.kernel.org/stable/c/9a77226440008cf04ba68faf641a2d50f4998137"
},
{
"url": "https://git.kernel.org/stable/c/d8cac8568618dcb8a51af3db1103e8d4cc4aeea7"
}
],
"title": "phonet: fix rtm_phonet_notify() skb allocation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36946",
"datePublished": "2024-05-30T15:35:43.884Z",
"dateReserved": "2024-05-30T15:25:07.079Z",
"dateUpdated": "2026-05-11T20:17:33.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36950 (GCVE-0-2024-36950)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:35 – Updated: 2026-05-11 20:17
VLAI
EPSS
Title
firewire: ohci: mask bus reset interrupts between ISR and bottom half
Summary
In the Linux kernel, the following vulnerability has been resolved:
firewire: ohci: mask bus reset interrupts between ISR and bottom half
In the FireWire OHCI interrupt handler, if a bus reset interrupt has
occurred, mask bus reset interrupts until bus_reset_work has serviced and
cleared the interrupt.
Normally, we always leave bus reset interrupts masked. We infer the bus
reset from the self-ID interrupt that happens shortly thereafter. A
scenario where we unmask bus reset interrupts was introduced in 2008 in
a007bb857e0b26f5d8b73c2ff90782d9c0972620: If
OHCI_PARAM_DEBUG_BUSRESETS (8) is set in the debug parameter bitmask, we
will unmask bus reset interrupts so we can log them.
irq_handler logs the bus reset interrupt. However, we can't clear the bus
reset event flag in irq_handler, because we won't service the event until
later. irq_handler exits with the event flag still set. If the
corresponding interrupt is still unmasked, the first bus reset will
usually freeze the system due to irq_handler being called again each
time it exits. This freeze can be reproduced by loading firewire_ohci
with "modprobe firewire_ohci debug=-1" (to enable all debugging output).
Apparently there are also some cases where bus_reset_work will get called
soon enough to clear the event, and operation will continue normally.
This freeze was first reported a few months after a007bb85 was committed,
but until now it was never fixed. The debug level could safely be set
to -1 through sysfs after the module was loaded, but this would be
ineffectual in logging bus reset interrupts since they were only
unmasked during initialization.
irq_handler will now leave the event flag set but mask bus reset
interrupts, so irq_handler won't be called again and there will be no
freeze. If OHCI_PARAM_DEBUG_BUSRESETS is enabled, bus_reset_work will
unmask the interrupt after servicing the event, so future interrupts
will be caught as desired.
As a side effect to this change, OHCI_PARAM_DEBUG_BUSRESETS can now be
enabled through sysfs in addition to during initial module loading.
However, when enabled through sysfs, logging of bus reset interrupts will
be effective only starting with the second bus reset, after
bus_reset_work has executed.
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < b3948c69d60279fce5b2eeda92a07d66296c8130
(git)
Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < 31279bbca40d2f40cb3bbb6d538ec9620a645dec (git) Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < fa273f312334246c909475c5868e6daab889cc8c (git) Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < 4f9cc355c328fc4f41cbd9c4cd58b235184fa420 (git) Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < 6fafe3661712b143d9c69a7322294bd53f559d5d (git) Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < 5982887de60c1b84f9c0ca07c835814d07fd1da0 (git) Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < 8643332aac0576581cfdf01798ea3e4e0d624b61 (git) Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < 752e3c53de0fa3b7d817a83050b6699b8e9c6ec9 (git) |
|
| Linux | Linux |
Affected:
2.6.26
Unaffected: 0 , < 2.6.26 (semver) Unaffected: 4.19.314 , ≤ 4.19.* (semver) Unaffected: 5.4.276 , ≤ 5.4.* (semver) Unaffected: 5.10.217 , ≤ 5.10.* (semver) Unaffected: 5.15.159 , ≤ 5.15.* (semver) Unaffected: 6.1.91 , ≤ 6.1.* (semver) Unaffected: 6.6.31 , ≤ 6.6.* (semver) Unaffected: 6.8.10 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:34:28.122404Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T14:13:44.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firewire/ohci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b3948c69d60279fce5b2eeda92a07d66296c8130",
"status": "affected",
"version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
"versionType": "git"
},
{
"lessThan": "31279bbca40d2f40cb3bbb6d538ec9620a645dec",
"status": "affected",
"version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
"versionType": "git"
},
{
"lessThan": "fa273f312334246c909475c5868e6daab889cc8c",
"status": "affected",
"version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
"versionType": "git"
},
{
"lessThan": "4f9cc355c328fc4f41cbd9c4cd58b235184fa420",
"status": "affected",
"version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
"versionType": "git"
},
{
"lessThan": "6fafe3661712b143d9c69a7322294bd53f559d5d",
"status": "affected",
"version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
"versionType": "git"
},
{
"lessThan": "5982887de60c1b84f9c0ca07c835814d07fd1da0",
"status": "affected",
"version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
"versionType": "git"
},
{
"lessThan": "8643332aac0576581cfdf01798ea3e4e0d624b61",
"status": "affected",
"version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
"versionType": "git"
},
{
"lessThan": "752e3c53de0fa3b7d817a83050b6699b8e9c6ec9",
"status": "affected",
"version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firewire/ohci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.26"
},
{
"lessThan": "2.6.26",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: ohci: mask bus reset interrupts between ISR and bottom half\n\nIn the FireWire OHCI interrupt handler, if a bus reset interrupt has\noccurred, mask bus reset interrupts until bus_reset_work has serviced and\ncleared the interrupt.\n\nNormally, we always leave bus reset interrupts masked. We infer the bus\nreset from the self-ID interrupt that happens shortly thereafter. A\nscenario where we unmask bus reset interrupts was introduced in 2008 in\na007bb857e0b26f5d8b73c2ff90782d9c0972620: If\nOHCI_PARAM_DEBUG_BUSRESETS (8) is set in the debug parameter bitmask, we\nwill unmask bus reset interrupts so we can log them.\n\nirq_handler logs the bus reset interrupt. However, we can\u0027t clear the bus\nreset event flag in irq_handler, because we won\u0027t service the event until\nlater. irq_handler exits with the event flag still set. If the\ncorresponding interrupt is still unmasked, the first bus reset will\nusually freeze the system due to irq_handler being called again each\ntime it exits. This freeze can be reproduced by loading firewire_ohci\nwith \"modprobe firewire_ohci debug=-1\" (to enable all debugging output).\nApparently there are also some cases where bus_reset_work will get called\nsoon enough to clear the event, and operation will continue normally.\n\nThis freeze was first reported a few months after a007bb85 was committed,\nbut until now it was never fixed. The debug level could safely be set\nto -1 through sysfs after the module was loaded, but this would be\nineffectual in logging bus reset interrupts since they were only\nunmasked during initialization.\n\nirq_handler will now leave the event flag set but mask bus reset\ninterrupts, so irq_handler won\u0027t be called again and there will be no\nfreeze. If OHCI_PARAM_DEBUG_BUSRESETS is enabled, bus_reset_work will\nunmask the interrupt after servicing the event, so future interrupts\nwill be caught as desired.\n\nAs a side effect to this change, OHCI_PARAM_DEBUG_BUSRESETS can now be\nenabled through sysfs in addition to during initial module loading.\nHowever, when enabled through sysfs, logging of bus reset interrupts will\nbe effective only starting with the second bus reset, after\nbus_reset_work has executed."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:17:37.975Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130"
},
{
"url": "https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec"
},
{
"url": "https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c"
},
{
"url": "https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420"
},
{
"url": "https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d"
},
{
"url": "https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0"
},
{
"url": "https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61"
},
{
"url": "https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9"
}
],
"title": "firewire: ohci: mask bus reset interrupts between ISR and bottom half",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36950",
"datePublished": "2024-05-30T15:35:46.262Z",
"dateReserved": "2024-05-30T15:25:07.079Z",
"dateUpdated": "2026-05-11T20:17:37.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36953 (GCVE-0-2024-36953)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:35 – Updated: 2026-05-11 20:17
VLAI
EPSS
Title
KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()
vgic_v2_parse_attr() is responsible for finding the vCPU that matches
the user-provided CPUID, which (of course) may not be valid. If the ID
is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled
gracefully.
Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id()
actually returns something and fail the ioctl if not.
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
7d450e2821710718fd6703e9c486249cee913bab , < 4404465a1bee3607ad90a4c5f9e16dfd75b85728
(git)
Affected: 7d450e2821710718fd6703e9c486249cee913bab , < 17db92da8be5dd3bf63c01f4109fe47db64fc66f (git) Affected: 7d450e2821710718fd6703e9c486249cee913bab , < 3a5b0378ac6776c7c31b18e0f3c1389bd6005e80 (git) Affected: 7d450e2821710718fd6703e9c486249cee913bab , < 8d6a1c8e3de36cb0f5e866f1a582b00939e23104 (git) Affected: 7d450e2821710718fd6703e9c486249cee913bab , < 01981276d64e542c177b243f7c979fee855d5487 (git) Affected: 7d450e2821710718fd6703e9c486249cee913bab , < 6ddb4f372fc63210034b903d96ebbeb3c7195adb (git) |
|
| Linux | Linux |
Affected:
4.7
Unaffected: 0 , < 4.7 (semver) Unaffected: 5.10.217 , ≤ 5.10.* (semver) Unaffected: 5.15.159 , ≤ 5.15.* (semver) Unaffected: 6.1.91 , ≤ 6.1.* (semver) Unaffected: 6.6.31 , ≤ 6.6.* (semver) Unaffected: 6.8.10 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T18:25:29.061156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T18:46:17.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4404465a1bee3607ad90a4c5f9e16dfd75b85728"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17db92da8be5dd3bf63c01f4109fe47db64fc66f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a5b0378ac6776c7c31b18e0f3c1389bd6005e80"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d6a1c8e3de36cb0f5e866f1a582b00939e23104"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/01981276d64e542c177b243f7c979fee855d5487"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ddb4f372fc63210034b903d96ebbeb3c7195adb"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm64/kvm/vgic/vgic-kvm-device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4404465a1bee3607ad90a4c5f9e16dfd75b85728",
"status": "affected",
"version": "7d450e2821710718fd6703e9c486249cee913bab",
"versionType": "git"
},
{
"lessThan": "17db92da8be5dd3bf63c01f4109fe47db64fc66f",
"status": "affected",
"version": "7d450e2821710718fd6703e9c486249cee913bab",
"versionType": "git"
},
{
"lessThan": "3a5b0378ac6776c7c31b18e0f3c1389bd6005e80",
"status": "affected",
"version": "7d450e2821710718fd6703e9c486249cee913bab",
"versionType": "git"
},
{
"lessThan": "8d6a1c8e3de36cb0f5e866f1a582b00939e23104",
"status": "affected",
"version": "7d450e2821710718fd6703e9c486249cee913bab",
"versionType": "git"
},
{
"lessThan": "01981276d64e542c177b243f7c979fee855d5487",
"status": "affected",
"version": "7d450e2821710718fd6703e9c486249cee913bab",
"versionType": "git"
},
{
"lessThan": "6ddb4f372fc63210034b903d96ebbeb3c7195adb",
"status": "affected",
"version": "7d450e2821710718fd6703e9c486249cee913bab",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm64/kvm/vgic/vgic-kvm-device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()\n\nvgic_v2_parse_attr() is responsible for finding the vCPU that matches\nthe user-provided CPUID, which (of course) may not be valid. If the ID\nis invalid, kvm_get_vcpu_by_id() returns NULL, which isn\u0027t handled\ngracefully.\n\nSimilar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id()\nactually returns something and fail the ioctl if not."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:17:41.394Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4404465a1bee3607ad90a4c5f9e16dfd75b85728"
},
{
"url": "https://git.kernel.org/stable/c/17db92da8be5dd3bf63c01f4109fe47db64fc66f"
},
{
"url": "https://git.kernel.org/stable/c/3a5b0378ac6776c7c31b18e0f3c1389bd6005e80"
},
{
"url": "https://git.kernel.org/stable/c/8d6a1c8e3de36cb0f5e866f1a582b00939e23104"
},
{
"url": "https://git.kernel.org/stable/c/01981276d64e542c177b243f7c979fee855d5487"
},
{
"url": "https://git.kernel.org/stable/c/6ddb4f372fc63210034b903d96ebbeb3c7195adb"
}
],
"title": "KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36953",
"datePublished": "2024-05-30T15:35:48.070Z",
"dateReserved": "2024-05-30T15:25:07.080Z",
"dateUpdated": "2026-05-11T20:17:41.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36954 (GCVE-0-2024-36954)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:35 – Updated: 2026-05-23 15:47
VLAI
EPSS
Title
tipc: fix a possible memleak in tipc_buf_append
Summary
In the Linux kernel, the following vulnerability has been resolved:
tipc: fix a possible memleak in tipc_buf_append
__skb_linearize() doesn't free the skb when it fails, so move
'*buf = NULL' after __skb_linearize(), so that the skb can be
freed on the err path.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
4b1761898861117c97066aea6c58f68a7787f0bf , < 01cd1b7b685751ee422d00d050292a3d277652d6
(git)
Affected: 64d17ec9f1ded042c4b188d15734f33486ed9966 , < 2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae (git) Affected: 6da24cfc83ba4f97ea44fc7ae9999a006101755c , < adbce6d20da6254c86425a8d4359b221b5ccbccd (git) Affected: b7df21cf1b79ab7026f545e7bf837bd5750ac026 , < 42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c (git) Affected: b7df21cf1b79ab7026f545e7bf837bd5750ac026 , < d03a82f4f8144befdc10518e732e2a60b34c870e (git) Affected: b7df21cf1b79ab7026f545e7bf837bd5750ac026 , < 614c5a5ae45a921595952117b2e2bd4d4bf9b574 (git) Affected: b7df21cf1b79ab7026f545e7bf837bd5750ac026 , < 3210d34fda4caff212cb53729e6bd46de604d565 (git) Affected: b7df21cf1b79ab7026f545e7bf837bd5750ac026 , < 97bf6f81b29a8efaf5d0983251a7450e5794370d (git) Affected: b2c8d28c34b3070407cb1741f9ba3f15d0284b8b (git) Affected: 5489f30bb78ff0dafb4229a69632afc2ba20765c (git) Affected: 436d650d374329a591c30339a91fa5078052ed1e (git) Affected: ace300eecbccaa698e2b472843c74a5f33f7dce8 (git) Affected: 4.19.193 , < 4.19.314 (semver) Affected: 5.4.124 , < 5.4.276 (semver) Affected: 5.10.42 , < 5.10.217 (semver) Affected: 4.4.271 , < 4.5 (semver) Affected: 4.9.271 , < 4.10 (semver) Affected: 4.14.235 , < 4.15 (semver) Affected: 5.12.9 , < 5.13 (semver) |
|
| Linux | Linux |
Affected:
5.13
Unaffected: 0 , < 5.13 (semver) Unaffected: 4.19.314 , ≤ 4.19.* (semver) Unaffected: 5.4.276 , ≤ 5.4.* (semver) Unaffected: 5.10.217 , ≤ 5.10.* (semver) Unaffected: 5.15.159 , ≤ 5.15.* (semver) Unaffected: 6.1.91 , ≤ 6.1.* (semver) Unaffected: 6.6.31 , ≤ 6.6.* (semver) Unaffected: 6.8.10 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/01cd1b7b685751ee422d00d050292a3d277652d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/adbce6d20da6254c86425a8d4359b221b5ccbccd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d03a82f4f8144befdc10518e732e2a60b34c870e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/614c5a5ae45a921595952117b2e2bd4d4bf9b574"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3210d34fda4caff212cb53729e6bd46de604d565"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97bf6f81b29a8efaf5d0983251a7450e5794370d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:15:38.594682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:59.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tipc/msg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "01cd1b7b685751ee422d00d050292a3d277652d6",
"status": "affected",
"version": "4b1761898861117c97066aea6c58f68a7787f0bf",
"versionType": "git"
},
{
"lessThan": "2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae",
"status": "affected",
"version": "64d17ec9f1ded042c4b188d15734f33486ed9966",
"versionType": "git"
},
{
"lessThan": "adbce6d20da6254c86425a8d4359b221b5ccbccd",
"status": "affected",
"version": "6da24cfc83ba4f97ea44fc7ae9999a006101755c",
"versionType": "git"
},
{
"lessThan": "42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c",
"status": "affected",
"version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
"versionType": "git"
},
{
"lessThan": "d03a82f4f8144befdc10518e732e2a60b34c870e",
"status": "affected",
"version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
"versionType": "git"
},
{
"lessThan": "614c5a5ae45a921595952117b2e2bd4d4bf9b574",
"status": "affected",
"version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
"versionType": "git"
},
{
"lessThan": "3210d34fda4caff212cb53729e6bd46de604d565",
"status": "affected",
"version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
"versionType": "git"
},
{
"lessThan": "97bf6f81b29a8efaf5d0983251a7450e5794370d",
"status": "affected",
"version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
"versionType": "git"
},
{
"status": "affected",
"version": "b2c8d28c34b3070407cb1741f9ba3f15d0284b8b",
"versionType": "git"
},
{
"status": "affected",
"version": "5489f30bb78ff0dafb4229a69632afc2ba20765c",
"versionType": "git"
},
{
"status": "affected",
"version": "436d650d374329a591c30339a91fa5078052ed1e",
"versionType": "git"
},
{
"status": "affected",
"version": "ace300eecbccaa698e2b472843c74a5f33f7dce8",
"versionType": "git"
},
{
"lessThan": "4.19.314",
"status": "affected",
"version": "4.19.193",
"versionType": "semver"
},
{
"lessThan": "5.4.276",
"status": "affected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThan": "5.10.217",
"status": "affected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThan": "4.5",
"status": "affected",
"version": "4.4.271",
"versionType": "semver"
},
{
"lessThan": "4.10",
"status": "affected",
"version": "4.9.271",
"versionType": "semver"
},
{
"lessThan": "4.15",
"status": "affected",
"version": "4.14.235",
"versionType": "semver"
},
{
"lessThan": "5.13",
"status": "affected",
"version": "5.12.9",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tipc/msg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "4.19.193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "5.4.124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "5.10.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix a possible memleak in tipc_buf_append\n\n__skb_linearize() doesn\u0027t free the skb when it fails, so move\n\u0027*buf = NULL\u0027 after __skb_linearize(), so that the skb can be\nfreed on the err path."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:47:43.810Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/01cd1b7b685751ee422d00d050292a3d277652d6"
},
{
"url": "https://git.kernel.org/stable/c/2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae"
},
{
"url": "https://git.kernel.org/stable/c/adbce6d20da6254c86425a8d4359b221b5ccbccd"
},
{
"url": "https://git.kernel.org/stable/c/42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c"
},
{
"url": "https://git.kernel.org/stable/c/d03a82f4f8144befdc10518e732e2a60b34c870e"
},
{
"url": "https://git.kernel.org/stable/c/614c5a5ae45a921595952117b2e2bd4d4bf9b574"
},
{
"url": "https://git.kernel.org/stable/c/3210d34fda4caff212cb53729e6bd46de604d565"
},
{
"url": "https://git.kernel.org/stable/c/97bf6f81b29a8efaf5d0983251a7450e5794370d"
}
],
"title": "tipc: fix a possible memleak in tipc_buf_append",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36954",
"datePublished": "2024-05-30T15:35:48.665Z",
"dateReserved": "2024-05-30T15:25:07.080Z",
"dateUpdated": "2026-05-23T15:47:43.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36957 (GCVE-0-2024-36957)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:35 – Updated: 2026-05-23 15:47
VLAI
EPSS
Title
octeontx2-af: avoid off-by-one read from userspace
Summary
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-af: avoid off-by-one read from userspace
We try to access count + 1 byte from userspace with memdup_user(buffer,
count + 1). However, the userspace only provides buffer of count bytes and
only these count bytes are verified to be okay to access. To ensure the
copied buffer is NUL terminated, we use memdup_user_nul instead.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
dae49384d0d7695540e2d75168f323cef1384810 , < bcdac70adceb44373da204c3c297f2a98e13216e
(git)
Affected: 3a2eb515d1367c0f667b76089a6e727279c688b8 , < ec697fbd38cbe2eef0948b58673b146caa95402f (git) Affected: 3a2eb515d1367c0f667b76089a6e727279c688b8 , < 8f11fe3ea3fc261640cfc8a5addd838000407c67 (git) Affected: 3a2eb515d1367c0f667b76089a6e727279c688b8 , < 0a0285cee11c7dcc2657bcd456e469958a5009e7 (git) Affected: 3a2eb515d1367c0f667b76089a6e727279c688b8 , < fc3e0076c1f82fe981d321e3a7bad4cbee542c19 (git) Affected: 3a2eb515d1367c0f667b76089a6e727279c688b8 , < f299ee709fb45036454ca11e90cb2810fe771878 (git) Affected: c9a2ed3fdd037314a71e6a6ba5d99a3605f6f9c7 (git) Affected: 5.10.20 , < 5.10.217 (semver) Affected: 5.11.3 , < 5.12 (semver) |
|
| Linux | Linux |
Affected:
5.12
Unaffected: 0 , < 5.12 (semver) Unaffected: 5.10.217 , ≤ 5.10.* (semver) Unaffected: 5.15.159 , ≤ 5.15.* (semver) Unaffected: 6.1.91 , ≤ 6.1.* (semver) Unaffected: 6.6.31 , ≤ 6.6.* (semver) Unaffected: 6.8.10 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T18:14:35.481589Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T18:14:45.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bcdac70adceb44373da204c3c297f2a98e13216e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec697fbd38cbe2eef0948b58673b146caa95402f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f11fe3ea3fc261640cfc8a5addd838000407c67"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0a0285cee11c7dcc2657bcd456e469958a5009e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fc3e0076c1f82fe981d321e3a7bad4cbee542c19"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f299ee709fb45036454ca11e90cb2810fe771878"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bcdac70adceb44373da204c3c297f2a98e13216e",
"status": "affected",
"version": "dae49384d0d7695540e2d75168f323cef1384810",
"versionType": "git"
},
{
"lessThan": "ec697fbd38cbe2eef0948b58673b146caa95402f",
"status": "affected",
"version": "3a2eb515d1367c0f667b76089a6e727279c688b8",
"versionType": "git"
},
{
"lessThan": "8f11fe3ea3fc261640cfc8a5addd838000407c67",
"status": "affected",
"version": "3a2eb515d1367c0f667b76089a6e727279c688b8",
"versionType": "git"
},
{
"lessThan": "0a0285cee11c7dcc2657bcd456e469958a5009e7",
"status": "affected",
"version": "3a2eb515d1367c0f667b76089a6e727279c688b8",
"versionType": "git"
},
{
"lessThan": "fc3e0076c1f82fe981d321e3a7bad4cbee542c19",
"status": "affected",
"version": "3a2eb515d1367c0f667b76089a6e727279c688b8",
"versionType": "git"
},
{
"lessThan": "f299ee709fb45036454ca11e90cb2810fe771878",
"status": "affected",
"version": "3a2eb515d1367c0f667b76089a6e727279c688b8",
"versionType": "git"
},
{
"status": "affected",
"version": "c9a2ed3fdd037314a71e6a6ba5d99a3605f6f9c7",
"versionType": "git"
},
{
"lessThan": "5.10.217",
"status": "affected",
"version": "5.10.20",
"versionType": "semver"
},
{
"lessThan": "5.12",
"status": "affected",
"version": "5.11.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "5.10.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: avoid off-by-one read from userspace\n\nWe try to access count + 1 byte from userspace with memdup_user(buffer,\ncount + 1). However, the userspace only provides buffer of count bytes and\nonly these count bytes are verified to be okay to access. To ensure the\ncopied buffer is NUL terminated, we use memdup_user_nul instead."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:47:48.972Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bcdac70adceb44373da204c3c297f2a98e13216e"
},
{
"url": "https://git.kernel.org/stable/c/ec697fbd38cbe2eef0948b58673b146caa95402f"
},
{
"url": "https://git.kernel.org/stable/c/8f11fe3ea3fc261640cfc8a5addd838000407c67"
},
{
"url": "https://git.kernel.org/stable/c/0a0285cee11c7dcc2657bcd456e469958a5009e7"
},
{
"url": "https://git.kernel.org/stable/c/fc3e0076c1f82fe981d321e3a7bad4cbee542c19"
},
{
"url": "https://git.kernel.org/stable/c/f299ee709fb45036454ca11e90cb2810fe771878"
}
],
"title": "octeontx2-af: avoid off-by-one read from userspace",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36957",
"datePublished": "2024-05-30T15:35:50.445Z",
"dateReserved": "2024-05-30T15:25:07.080Z",
"dateUpdated": "2026-05-23T15:47:48.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…