Vulnerability-Lookup

CERTFR-2024-AVI-0694

Vulnerability from certfr_avis - Published: 2024-08-16 - Updated: 2024-08-16

De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 ESM
Ubuntu	Ubuntu	Ubuntu 24.04 LTS
Ubuntu	Ubuntu	Ubuntu 20.04 LTS
Ubuntu	Ubuntu	Ubuntu 22.04 LTS

References

Title

Publication Time

CVE-2024-36003 (GCVE-0-2024-36003)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:48 – Updated: 2026-05-23 15:46

Title

ice: fix LAG and VF lock dependency in ice_reset_vf()

Summary

In the Linux kernel, the following vulnerability has been resolved: ice: fix LAG and VF lock dependency in ice_reset_vf() 9f74a3dfcf83 ("ice: Fix VF Reset paths when interface in a failed over aggregate"), the ice driver has acquired the LAG mutex in ice_reset_vf(). The commit placed this lock acquisition just prior to the acquisition of the VF configuration lock. If ice_reset_vf() acquires the configuration lock via the ICE_VF_RESET_LOCK flag, this could deadlock with ice_vc_cfg_qs_msg() because it always acquires the locks in the order of the VF configuration lock and then the LAG mutex. Lockdep reports this violation almost immediately on creating and then removing 2 VF: ====================================================== WARNING: possible circular locking dependency detected 6.8.0-rc6 #54 Tainted: G W O ------------------------------------------------------ kworker/60:3/6771 is trying to acquire lock: ff40d43e099380a0 (&vf->cfg_lock){+.+.}-{3:3}, at: ice_reset_vf+0x22f/0x4d0 [ice] but task is already holding lock: ff40d43ea1961210 (&pf->lag_mutex){+.+.}-{3:3}, at: ice_reset_vf+0xb7/0x4d0 [ice] which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&pf->lag_mutex){+.+.}-{3:3}: __lock_acquire+0x4f8/0xb40 lock_acquire+0xd4/0x2d0 __mutex_lock+0x9b/0xbf0 ice_vc_cfg_qs_msg+0x45/0x690 [ice] ice_vc_process_vf_msg+0x4f5/0x870 [ice] __ice_clean_ctrlq+0x2b5/0x600 [ice] ice_service_task+0x2c9/0x480 [ice] process_one_work+0x1e9/0x4d0 worker_thread+0x1e1/0x3d0 kthread+0x104/0x140 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1b/0x30 -> #0 (&vf->cfg_lock){+.+.}-{3:3}: check_prev_add+0xe2/0xc50 validate_chain+0x558/0x800 __lock_acquire+0x4f8/0xb40 lock_acquire+0xd4/0x2d0 __mutex_lock+0x9b/0xbf0 ice_reset_vf+0x22f/0x4d0 [ice] ice_process_vflr_event+0x98/0xd0 [ice] ice_service_task+0x1cc/0x480 [ice] process_one_work+0x1e9/0x4d0 worker_thread+0x1e1/0x3d0 kthread+0x104/0x140 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1b/0x30 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&pf->lag_mutex); lock(&vf->cfg_lock); lock(&pf->lag_mutex); lock(&vf->cfg_lock); *** DEADLOCK *** 4 locks held by kworker/60:3/6771: #0: ff40d43e05428b38 ((wq_completion)ice){+.+.}-{0:0}, at: process_one_work+0x176/0x4d0 #1: ff50d06e05197e58 ((work_completion)(&pf->serv_task)){+.+.}-{0:0}, at: process_one_work+0x176/0x4d0 #2: ff40d43ea1960e50 (&pf->vfs.table_lock){+.+.}-{3:3}, at: ice_process_vflr_event+0x48/0xd0 [ice] #3: ff40d43ea1961210 (&pf->lag_mutex){+.+.}-{3:3}, at: ice_reset_vf+0xb7/0x4d0 [ice] stack backtrace: CPU: 60 PID: 6771 Comm: kworker/60:3 Tainted: G W O 6.8.0-rc6 #54 Hardware name: Workqueue: ice ice_service_task [ice] Call Trace: <TASK> dump_stack_lvl+0x4a/0x80 check_noncircular+0x12d/0x150 check_prev_add+0xe2/0xc50 ? save_trace+0x59/0x230 ? add_chain_cache+0x109/0x450 validate_chain+0x558/0x800 __lock_acquire+0x4f8/0xb40 ? lockdep_hardirqs_on+0x7d/0x100 lock_acquire+0xd4/0x2d0 ? ice_reset_vf+0x22f/0x4d0 [ice] ? lock_is_held_type+0xc7/0x120 __mutex_lock+0x9b/0xbf0 ? ice_reset_vf+0x22f/0x4d0 [ice] ? ice_reset_vf+0x22f/0x4d0 [ice] ? rcu_is_watching+0x11/0x50 ? ice_reset_vf+0x22f/0x4d0 [ice] ice_reset_vf+0x22f/0x4d0 [ice] ? process_one_work+0x176/0x4d0 ice_process_vflr_event+0x98/0xd0 [ice] ice_service_task+0x1cc/0x480 [ice] process_one_work+0x1e9/0x4d0 worker_thread+0x1e1/0x3d0 ? __pfx_worker_thread+0x10/0x10 kthread+0x104/0x140 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> To avoid deadlock, we must acquire the LAG ---truncated---

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

Assigner

Linux

References

3 references

URL	Tags
https://git.kernel.org/stable/c/740717774dc373384…
https://git.kernel.org/stable/c/de8631d8c9df08440…
https://git.kernel.org/stable/c/96fdd1f6b4ed72a74…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: fd7f7a8ad3363fd94fc3868616cc70a1d8dfc01b , < 740717774dc37338404d10726967d582414f638c (git) Affected: 9f74a3dfcf83e11aedcb98250b8040dbc6d9659a , < de8631d8c9df08440268630200e64b623a5f69e6 (git) Affected: 9f74a3dfcf83e11aedcb98250b8040dbc6d9659a , < 96fdd1f6b4ed72a741fb0eb705c0e13049b8721f (git) Affected: 6.6.5 , < 6.6.30 (semver)
Linux	Linux	Affected: 6.7 Unaffected: 0 , < 6.7 (semver) Unaffected: 6.6.30 , ≤ 6.6.* (semver) Unaffected: 6.8.9 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36003",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T14:21:30.887078Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:47:37.057Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:12.307Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/740717774dc37338404d10726967d582414f638c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/de8631d8c9df08440268630200e64b623a5f69e6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/96fdd1f6b4ed72a741fb0eb705c0e13049b8721f"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/ice/ice_vf_lib.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "740717774dc37338404d10726967d582414f638c",
              "status": "affected",
              "version": "fd7f7a8ad3363fd94fc3868616cc70a1d8dfc01b",
              "versionType": "git"
            },
            {
              "lessThan": "de8631d8c9df08440268630200e64b623a5f69e6",
              "status": "affected",
              "version": "9f74a3dfcf83e11aedcb98250b8040dbc6d9659a",
              "versionType": "git"
            },
            {
              "lessThan": "96fdd1f6b4ed72a741fb0eb705c0e13049b8721f",
              "status": "affected",
              "version": "9f74a3dfcf83e11aedcb98250b8040dbc6d9659a",
              "versionType": "git"
            },
            {
              "lessThan": "6.6.30",
              "status": "affected",
              "version": "6.6.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/ice/ice_vf_lib.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "6.6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix LAG and VF lock dependency in ice_reset_vf()\n\n9f74a3dfcf83 (\"ice: Fix VF Reset paths when interface in a failed over\naggregate\"), the ice driver has acquired the LAG mutex in ice_reset_vf().\nThe commit placed this lock acquisition just prior to the acquisition of\nthe VF configuration lock.\n\nIf ice_reset_vf() acquires the configuration lock via the ICE_VF_RESET_LOCK\nflag, this could deadlock with ice_vc_cfg_qs_msg() because it always\nacquires the locks in the order of the VF configuration lock and then the\nLAG mutex.\n\nLockdep reports this violation almost immediately on creating and then\nremoving 2 VF:\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.8.0-rc6 #54 Tainted: G        W  O\n------------------------------------------------------\nkworker/60:3/6771 is trying to acquire lock:\nff40d43e099380a0 (\u0026vf-\u003ecfg_lock){+.+.}-{3:3}, at: ice_reset_vf+0x22f/0x4d0 [ice]\n\nbut task is already holding lock:\nff40d43ea1961210 (\u0026pf-\u003elag_mutex){+.+.}-{3:3}, at: ice_reset_vf+0xb7/0x4d0 [ice]\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #1 (\u0026pf-\u003elag_mutex){+.+.}-{3:3}:\n       __lock_acquire+0x4f8/0xb40\n       lock_acquire+0xd4/0x2d0\n       __mutex_lock+0x9b/0xbf0\n       ice_vc_cfg_qs_msg+0x45/0x690 [ice]\n       ice_vc_process_vf_msg+0x4f5/0x870 [ice]\n       __ice_clean_ctrlq+0x2b5/0x600 [ice]\n       ice_service_task+0x2c9/0x480 [ice]\n       process_one_work+0x1e9/0x4d0\n       worker_thread+0x1e1/0x3d0\n       kthread+0x104/0x140\n       ret_from_fork+0x31/0x50\n       ret_from_fork_asm+0x1b/0x30\n\n-\u003e #0 (\u0026vf-\u003ecfg_lock){+.+.}-{3:3}:\n       check_prev_add+0xe2/0xc50\n       validate_chain+0x558/0x800\n       __lock_acquire+0x4f8/0xb40\n       lock_acquire+0xd4/0x2d0\n       __mutex_lock+0x9b/0xbf0\n       ice_reset_vf+0x22f/0x4d0 [ice]\n       ice_process_vflr_event+0x98/0xd0 [ice]\n       ice_service_task+0x1cc/0x480 [ice]\n       process_one_work+0x1e9/0x4d0\n       worker_thread+0x1e1/0x3d0\n       kthread+0x104/0x140\n       ret_from_fork+0x31/0x50\n       ret_from_fork_asm+0x1b/0x30\n\nother info that might help us debug this:\n Possible unsafe locking scenario:\n       CPU0                    CPU1\n       ----                    ----\n  lock(\u0026pf-\u003elag_mutex);\n                               lock(\u0026vf-\u003ecfg_lock);\n                               lock(\u0026pf-\u003elag_mutex);\n  lock(\u0026vf-\u003ecfg_lock);\n\n *** DEADLOCK ***\n4 locks held by kworker/60:3/6771:\n #0: ff40d43e05428b38 ((wq_completion)ice){+.+.}-{0:0}, at: process_one_work+0x176/0x4d0\n #1: ff50d06e05197e58 ((work_completion)(\u0026pf-\u003eserv_task)){+.+.}-{0:0}, at: process_one_work+0x176/0x4d0\n #2: ff40d43ea1960e50 (\u0026pf-\u003evfs.table_lock){+.+.}-{3:3}, at: ice_process_vflr_event+0x48/0xd0 [ice]\n #3: ff40d43ea1961210 (\u0026pf-\u003elag_mutex){+.+.}-{3:3}, at: ice_reset_vf+0xb7/0x4d0 [ice]\n\nstack backtrace:\nCPU: 60 PID: 6771 Comm: kworker/60:3 Tainted: G        W  O       6.8.0-rc6 #54\nHardware name:\nWorkqueue: ice ice_service_task [ice]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x4a/0x80\n check_noncircular+0x12d/0x150\n check_prev_add+0xe2/0xc50\n ? save_trace+0x59/0x230\n ? add_chain_cache+0x109/0x450\n validate_chain+0x558/0x800\n __lock_acquire+0x4f8/0xb40\n ? lockdep_hardirqs_on+0x7d/0x100\n lock_acquire+0xd4/0x2d0\n ? ice_reset_vf+0x22f/0x4d0 [ice]\n ? lock_is_held_type+0xc7/0x120\n __mutex_lock+0x9b/0xbf0\n ? ice_reset_vf+0x22f/0x4d0 [ice]\n ? ice_reset_vf+0x22f/0x4d0 [ice]\n ? rcu_is_watching+0x11/0x50\n ? ice_reset_vf+0x22f/0x4d0 [ice]\n ice_reset_vf+0x22f/0x4d0 [ice]\n ? process_one_work+0x176/0x4d0\n ice_process_vflr_event+0x98/0xd0 [ice]\n ice_service_task+0x1cc/0x480 [ice]\n process_one_work+0x1e9/0x4d0\n worker_thread+0x1e1/0x3d0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x104/0x140\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nTo avoid deadlock, we must acquire the LAG \n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T15:46:12.475Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/740717774dc37338404d10726967d582414f638c"
        },
        {
          "url": "https://git.kernel.org/stable/c/de8631d8c9df08440268630200e64b623a5f69e6"
        },
        {
          "url": "https://git.kernel.org/stable/c/96fdd1f6b4ed72a741fb0eb705c0e13049b8721f"
        }
      ],
      "title": "ice: fix LAG and VF lock dependency in ice_reset_vf()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36003",
    "datePublished": "2024-05-20T09:48:04.263Z",
    "dateReserved": "2024-05-17T13:50:33.150Z",
    "dateUpdated": "2026-05-23T15:46:12.475Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36004 (GCVE-0-2024-36004)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:48 – Updated: 2026-05-12 11:53

Title

i40e: Do not use WQ_MEM_RECLAIM flag for workqueue

Summary

In the Linux kernel, the following vulnerability has been resolved: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Issue reported by customer during SRIOV testing, call trace: When both i40e and the i40iw driver are loaded, a warning in check_flush_dependency is being triggered. This seems to be because of the i40e driver workqueue is allocated with the WQ_MEM_RECLAIM flag, and the i40iw one is not. Similar error was encountered on ice too and it was fixed by removing the flag. Do the same for i40e too. [Feb 9 09:08] ------------[ cut here ]------------ [ +0.000004] workqueue: WQ_MEM_RECLAIM i40e:i40e_service_task [i40e] is flushing !WQ_MEM_RECLAIM infiniband:0x0 [ +0.000060] WARNING: CPU: 0 PID: 937 at kernel/workqueue.c:2966 check_flush_dependency+0x10b/0x120 [ +0.000007] Modules linked in: snd_seq_dummy snd_hrtimer snd_seq snd_timer snd_seq_device snd soundcore nls_utf8 cifs cifs_arc4 nls_ucs2_utils rdma_cm iw_cm ib_cm cifs_md4 dns_resolver netfs qrtr rfkill sunrpc vfat fat intel_rapl_msr intel_rapl_common irdma intel_uncore_frequency intel_uncore_frequency_common ice ipmi_ssif isst_if_common skx_edac nfit libnvdimm x86_pkg_temp_thermal intel_powerclamp gnss coretemp ib_uverbs rapl intel_cstate ib_core iTCO_wdt iTCO_vendor_support acpi_ipmi mei_me ipmi_si intel_uncore ioatdma i2c_i801 joydev pcspkr mei ipmi_devintf lpc_ich intel_pch_thermal i2c_smbus ipmi_msghandler acpi_power_meter acpi_pad xfs libcrc32c ast sd_mod drm_shmem_helper t10_pi drm_kms_helper sg ixgbe drm i40e ahci crct10dif_pclmul libahci crc32_pclmul igb crc32c_intel libata ghash_clmulni_intel i2c_algo_bit mdio dca wmi dm_mirror dm_region_hash dm_log dm_mod fuse [ +0.000050] CPU: 0 PID: 937 Comm: kworker/0:3 Kdump: loaded Not tainted 6.8.0-rc2-Feb-net_dev-Qiueue-00279-gbd43c5687e05 #1 [ +0.000003] Hardware name: Intel Corporation S2600BPB/S2600BPB, BIOS SE5C620.86B.02.01.0013.121520200651 12/15/2020 [ +0.000001] Workqueue: i40e i40e_service_task [i40e] [ +0.000024] RIP: 0010:check_flush_dependency+0x10b/0x120 [ +0.000003] Code: ff 49 8b 54 24 18 48 8d 8b b0 00 00 00 49 89 e8 48 81 c6 b0 00 00 00 48 c7 c7 b0 97 fa 9f c6 05 8a cc 1f 02 01 e8 35 b3 fd ff <0f> 0b e9 10 ff ff ff 80 3d 78 cc 1f 02 00 75 94 e9 46 ff ff ff 90 [ +0.000002] RSP: 0018:ffffbd294976bcf8 EFLAGS: 00010282 [ +0.000002] RAX: 0000000000000000 RBX: ffff94d4c483c000 RCX: 0000000000000027 [ +0.000001] RDX: ffff94d47f620bc8 RSI: 0000000000000001 RDI: ffff94d47f620bc0 [ +0.000001] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000ffff7fff [ +0.000001] R10: ffffbd294976bb98 R11: ffffffffa0be65e8 R12: ffff94c5451ea180 [ +0.000001] R13: ffff94c5ab5e8000 R14: ffff94c5c20b6e05 R15: ffff94c5f1330ab0 [ +0.000001] FS: 0000000000000000(0000) GS:ffff94d47f600000(0000) knlGS:0000000000000000 [ +0.000002] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ +0.000001] CR2: 00007f9e6f1fca70 CR3: 0000000038e20004 CR4: 00000000007706f0 [ +0.000000] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ +0.000001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ +0.000001] PKRU: 55555554 [ +0.000001] Call Trace: [ +0.000001] <TASK> [ +0.000002] ? __warn+0x80/0x130 [ +0.000003] ? check_flush_dependency+0x10b/0x120 [ +0.000002] ? report_bug+0x195/0x1a0 [ +0.000005] ? handle_bug+0x3c/0x70 [ +0.000003] ? exc_invalid_op+0x14/0x70 [ +0.000002] ? asm_exc_invalid_op+0x16/0x20 [ +0.000006] ? check_flush_dependency+0x10b/0x120 [ +0.000002] ? check_flush_dependency+0x10b/0x120 [ +0.000002] __flush_workqueue+0x126/0x3f0 [ +0.000015] ib_cache_cleanup_one+0x1c/0xe0 [ib_core] [ +0.000056] __ib_unregister_device+0x6a/0xb0 [ib_core] [ +0.000023] ib_unregister_device_and_put+0x34/0x50 [ib_core] [ +0.000020] i40iw_close+0x4b/0x90 [irdma] [ +0.000022] i40e_notify_client_of_netdev_close+0x54/0xc0 [i40e] [ +0.000035] i40e_service_task+0x126/0x190 [i40e] [ +0.000024] process_one_work+0x174/0x340 [ +0.000003] worker_th ---truncated---

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

Assigner

Linux

References

11 references

URL	Tags
https://git.kernel.org/stable/c/09b54d29f05129b09…
https://git.kernel.org/stable/c/546d0fe9d76e8229a…
https://git.kernel.org/stable/c/fbbb2404340dd6178…
https://git.kernel.org/stable/c/ff7431f898dd00892…
https://git.kernel.org/stable/c/152ed360cf2d273f8…
https://git.kernel.org/stable/c/8d6105f637883c8c0…
https://git.kernel.org/stable/c/1594dac8b1ed78f9e…
https://git.kernel.org/stable/c/2cc7d150550cc981a…
https://lists.debian.org/debian-lts-announce/2024…	x_transferred
https://lists.debian.org/debian-lts-announce/2024…	x_transferred
https://cert-portal.siemens.com/productcert/html/…

Impacted products

3 products

Vendor	Product	Version
Linux	Linux	Affected: 4d5957cbdecdbb77d24c1465caadd801c07afa4a , < 09b54d29f05129b092f7c793a70b689ffb3c7b2c (git) Affected: 4d5957cbdecdbb77d24c1465caadd801c07afa4a , < 546d0fe9d76e8229a67369f9cb61e961d99038bd (git) Affected: 4d5957cbdecdbb77d24c1465caadd801c07afa4a , < fbbb2404340dd6178e281bd427c271f7d5ec1d22 (git) Affected: 4d5957cbdecdbb77d24c1465caadd801c07afa4a , < ff7431f898dd00892a545b7d0ce7adf5b926944f (git) Affected: 4d5957cbdecdbb77d24c1465caadd801c07afa4a , < 152ed360cf2d273f88fc99a518b7eb868aae2939 (git) Affected: 4d5957cbdecdbb77d24c1465caadd801c07afa4a , < 8d6105f637883c8c09825e962308c06e977de4f0 (git) Affected: 4d5957cbdecdbb77d24c1465caadd801c07afa4a , < 1594dac8b1ed78f9e75c263327e198a2e5e25b0e (git) Affected: 4d5957cbdecdbb77d24c1465caadd801c07afa4a , < 2cc7d150550cc981aceedf008f5459193282425c (git)
Linux	Linux	Affected: 4.14 Unaffected: 0 , < 4.14 (semver) Unaffected: 4.19.313 , ≤ 4.19.* (semver) Unaffected: 5.4.275 , ≤ 5.4.* (semver) Unaffected: 5.10.216 , ≤ 5.10.* (semver) Unaffected: 5.15.158 , ≤ 5.15.* (semver) Unaffected: 6.1.90 , ≤ 6.1.* (semver) Unaffected: 6.6.30 , ≤ 6.6.* (semver) Unaffected: 6.8.9 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix)
Siemens	SIMATIC S7-1500 TM MFP - GNU/Linux subsystem	Affected: 0 , < * (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36004",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T17:00:59.391854Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:47:48.116Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:12.511Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/09b54d29f05129b092f7c793a70b689ffb3c7b2c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/546d0fe9d76e8229a67369f9cb61e961d99038bd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fbbb2404340dd6178e281bd427c271f7d5ec1d22"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ff7431f898dd00892a545b7d0ce7adf5b926944f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/152ed360cf2d273f88fc99a518b7eb868aae2939"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8d6105f637883c8c09825e962308c06e977de4f0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1594dac8b1ed78f9e75c263327e198a2e5e25b0e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2cc7d150550cc981aceedf008f5459193282425c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T11:53:33.427Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/i40e/i40e_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "09b54d29f05129b092f7c793a70b689ffb3c7b2c",
              "status": "affected",
              "version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
              "versionType": "git"
            },
            {
              "lessThan": "546d0fe9d76e8229a67369f9cb61e961d99038bd",
              "status": "affected",
              "version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
              "versionType": "git"
            },
            {
              "lessThan": "fbbb2404340dd6178e281bd427c271f7d5ec1d22",
              "status": "affected",
              "version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
              "versionType": "git"
            },
            {
              "lessThan": "ff7431f898dd00892a545b7d0ce7adf5b926944f",
              "status": "affected",
              "version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
              "versionType": "git"
            },
            {
              "lessThan": "152ed360cf2d273f88fc99a518b7eb868aae2939",
              "status": "affected",
              "version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
              "versionType": "git"
            },
            {
              "lessThan": "8d6105f637883c8c09825e962308c06e977de4f0",
              "status": "affected",
              "version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
              "versionType": "git"
            },
            {
              "lessThan": "1594dac8b1ed78f9e75c263327e198a2e5e25b0e",
              "status": "affected",
              "version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
              "versionType": "git"
            },
            {
              "lessThan": "2cc7d150550cc981aceedf008f5459193282425c",
              "status": "affected",
              "version": "4d5957cbdecdbb77d24c1465caadd801c07afa4a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/i40e/i40e_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.313",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Do not use WQ_MEM_RECLAIM flag for workqueue\n\nIssue reported by customer during SRIOV testing, call trace:\nWhen both i40e and the i40iw driver are loaded, a warning\nin check_flush_dependency is being triggered. This seems\nto be because of the i40e driver workqueue is allocated with\nthe WQ_MEM_RECLAIM flag, and the i40iw one is not.\n\nSimilar error was encountered on ice too and it was fixed by\nremoving the flag. Do the same for i40e too.\n\n[Feb 9 09:08] ------------[ cut here ]------------\n[  +0.000004] workqueue: WQ_MEM_RECLAIM i40e:i40e_service_task [i40e] is\nflushing !WQ_MEM_RECLAIM infiniband:0x0\n[  +0.000060] WARNING: CPU: 0 PID: 937 at kernel/workqueue.c:2966\ncheck_flush_dependency+0x10b/0x120\n[  +0.000007] Modules linked in: snd_seq_dummy snd_hrtimer snd_seq\nsnd_timer snd_seq_device snd soundcore nls_utf8 cifs cifs_arc4\nnls_ucs2_utils rdma_cm iw_cm ib_cm cifs_md4 dns_resolver netfs qrtr\nrfkill sunrpc vfat fat intel_rapl_msr intel_rapl_common irdma\nintel_uncore_frequency intel_uncore_frequency_common ice ipmi_ssif\nisst_if_common skx_edac nfit libnvdimm x86_pkg_temp_thermal\nintel_powerclamp gnss coretemp ib_uverbs rapl intel_cstate ib_core\niTCO_wdt iTCO_vendor_support acpi_ipmi mei_me ipmi_si intel_uncore\nioatdma i2c_i801 joydev pcspkr mei ipmi_devintf lpc_ich\nintel_pch_thermal i2c_smbus ipmi_msghandler acpi_power_meter acpi_pad\nxfs libcrc32c ast sd_mod drm_shmem_helper t10_pi drm_kms_helper sg ixgbe\ndrm i40e ahci crct10dif_pclmul libahci crc32_pclmul igb crc32c_intel\nlibata ghash_clmulni_intel i2c_algo_bit mdio dca wmi dm_mirror\ndm_region_hash dm_log dm_mod fuse\n[  +0.000050] CPU: 0 PID: 937 Comm: kworker/0:3 Kdump: loaded Not\ntainted 6.8.0-rc2-Feb-net_dev-Qiueue-00279-gbd43c5687e05 #1\n[  +0.000003] Hardware name: Intel Corporation S2600BPB/S2600BPB, BIOS\nSE5C620.86B.02.01.0013.121520200651 12/15/2020\n[  +0.000001] Workqueue: i40e i40e_service_task [i40e]\n[  +0.000024] RIP: 0010:check_flush_dependency+0x10b/0x120\n[  +0.000003] Code: ff 49 8b 54 24 18 48 8d 8b b0 00 00 00 49 89 e8 48\n81 c6 b0 00 00 00 48 c7 c7 b0 97 fa 9f c6 05 8a cc 1f 02 01 e8 35 b3 fd\nff \u003c0f\u003e 0b e9 10 ff ff ff 80 3d 78 cc 1f 02 00 75 94 e9 46 ff ff ff 90\n[  +0.000002] RSP: 0018:ffffbd294976bcf8 EFLAGS: 00010282\n[  +0.000002] RAX: 0000000000000000 RBX: ffff94d4c483c000 RCX:\n0000000000000027\n[  +0.000001] RDX: ffff94d47f620bc8 RSI: 0000000000000001 RDI:\nffff94d47f620bc0\n[  +0.000001] RBP: 0000000000000000 R08: 0000000000000000 R09:\n00000000ffff7fff\n[  +0.000001] R10: ffffbd294976bb98 R11: ffffffffa0be65e8 R12:\nffff94c5451ea180\n[  +0.000001] R13: ffff94c5ab5e8000 R14: ffff94c5c20b6e05 R15:\nffff94c5f1330ab0\n[  +0.000001] FS:  0000000000000000(0000) GS:ffff94d47f600000(0000)\nknlGS:0000000000000000\n[  +0.000002] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  +0.000001] CR2: 00007f9e6f1fca70 CR3: 0000000038e20004 CR4:\n00000000007706f0\n[  +0.000000] DR0: 0000000000000000 DR1: 0000000000000000 DR2:\n0000000000000000\n[  +0.000001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:\n0000000000000400\n[  +0.000001] PKRU: 55555554\n[  +0.000001] Call Trace:\n[  +0.000001]  \u003cTASK\u003e\n[  +0.000002]  ? __warn+0x80/0x130\n[  +0.000003]  ? check_flush_dependency+0x10b/0x120\n[  +0.000002]  ? report_bug+0x195/0x1a0\n[  +0.000005]  ? handle_bug+0x3c/0x70\n[  +0.000003]  ? exc_invalid_op+0x14/0x70\n[  +0.000002]  ? asm_exc_invalid_op+0x16/0x20\n[  +0.000006]  ? check_flush_dependency+0x10b/0x120\n[  +0.000002]  ? check_flush_dependency+0x10b/0x120\n[  +0.000002]  __flush_workqueue+0x126/0x3f0\n[  +0.000015]  ib_cache_cleanup_one+0x1c/0xe0 [ib_core]\n[  +0.000056]  __ib_unregister_device+0x6a/0xb0 [ib_core]\n[  +0.000023]  ib_unregister_device_and_put+0x34/0x50 [ib_core]\n[  +0.000020]  i40iw_close+0x4b/0x90 [irdma]\n[  +0.000022]  i40e_notify_client_of_netdev_close+0x54/0xc0 [i40e]\n[  +0.000035]  i40e_service_task+0x126/0x190 [i40e]\n[  +0.000024]  process_one_work+0x174/0x340\n[  +0.000003]  worker_th\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:15:27.150Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/09b54d29f05129b092f7c793a70b689ffb3c7b2c"
        },
        {
          "url": "https://git.kernel.org/stable/c/546d0fe9d76e8229a67369f9cb61e961d99038bd"
        },
        {
          "url": "https://git.kernel.org/stable/c/fbbb2404340dd6178e281bd427c271f7d5ec1d22"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff7431f898dd00892a545b7d0ce7adf5b926944f"
        },
        {
          "url": "https://git.kernel.org/stable/c/152ed360cf2d273f88fc99a518b7eb868aae2939"
        },
        {
          "url": "https://git.kernel.org/stable/c/8d6105f637883c8c09825e962308c06e977de4f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/1594dac8b1ed78f9e75c263327e198a2e5e25b0e"
        },
        {
          "url": "https://git.kernel.org/stable/c/2cc7d150550cc981aceedf008f5459193282425c"
        }
      ],
      "title": "i40e: Do not use WQ_MEM_RECLAIM flag for workqueue",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36004",
    "datePublished": "2024-05-20T09:48:04.926Z",
    "dateReserved": "2024-05-17T13:50:33.150Z",
    "dateUpdated": "2026-05-12T11:53:33.427Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36005 (GCVE-0-2024-36005)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:48 – Updated: 2026-05-12 11:53

Title

netfilter: nf_tables: honor table dormant flag from netdev release event path

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: honor table dormant flag from netdev release event path Check for table dormant flag otherwise netdev release event path tries to unregister an already unregistered hook. [524854.857999] ------------[ cut here ]------------ [524854.858010] WARNING: CPU: 0 PID: 3386599 at net/netfilter/core.c:501 __nf_unregister_net_hook+0x21a/0x260 [...] [524854.858848] CPU: 0 PID: 3386599 Comm: kworker/u32:2 Not tainted 6.9.0-rc3+ #365 [524854.858869] Workqueue: netns cleanup_net [524854.858886] RIP: 0010:__nf_unregister_net_hook+0x21a/0x260 [524854.858903] Code: 24 e8 aa 73 83 ff 48 63 43 1c 83 f8 01 0f 85 3d ff ff ff e8 98 d1 f0 ff 48 8b 3c 24 e8 8f 73 83 ff 48 63 43 1c e9 26 ff ff ff <0f> 0b 48 83 c4 18 48 c7 c7 00 68 e9 82 5b 5d 41 5c 41 5d 41 5e 41 [524854.858914] RSP: 0018:ffff8881e36d79e0 EFLAGS: 00010246 [524854.858926] RAX: 0000000000000000 RBX: ffff8881339ae790 RCX: ffffffff81ba524a [524854.858936] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881c8a16438 [524854.858945] RBP: ffff8881c8a16438 R08: 0000000000000001 R09: ffffed103c6daf34 [524854.858954] R10: ffff8881e36d79a7 R11: 0000000000000000 R12: 0000000000000005 [524854.858962] R13: ffff8881c8a16000 R14: 0000000000000000 R15: ffff8881351b5a00 [524854.858971] FS: 0000000000000000(0000) GS:ffff888390800000(0000) knlGS:0000000000000000 [524854.858982] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [524854.858991] CR2: 00007fc9be0f16f4 CR3: 00000001437cc004 CR4: 00000000001706f0 [524854.859000] Call Trace: [524854.859006] <TASK> [524854.859013] ? __warn+0x9f/0x1a0 [524854.859027] ? __nf_unregister_net_hook+0x21a/0x260 [524854.859044] ? report_bug+0x1b1/0x1e0 [524854.859060] ? handle_bug+0x3c/0x70 [524854.859071] ? exc_invalid_op+0x17/0x40 [524854.859083] ? asm_exc_invalid_op+0x1a/0x20 [524854.859100] ? __nf_unregister_net_hook+0x6a/0x260 [524854.859116] ? __nf_unregister_net_hook+0x21a/0x260 [524854.859135] nf_tables_netdev_event+0x337/0x390 [nf_tables] [524854.859304] ? __pfx_nf_tables_netdev_event+0x10/0x10 [nf_tables] [524854.859461] ? packet_notifier+0xb3/0x360 [524854.859476] ? _raw_spin_unlock_irqrestore+0x11/0x40 [524854.859489] ? dcbnl_netdevice_event+0x35/0x140 [524854.859507] ? __pfx_nf_tables_netdev_event+0x10/0x10 [nf_tables] [524854.859661] notifier_call_chain+0x7d/0x140 [524854.859677] unregister_netdevice_many_notify+0x5e1/0xae0

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

Assigner

Linux

References

9 references

URL	Tags
https://git.kernel.org/stable/c/e4bb6da24de336a78…
https://git.kernel.org/stable/c/5c45feb3c288cf44a…
https://git.kernel.org/stable/c/13ba94f6cc820fdea…
https://git.kernel.org/stable/c/8260c980aee7d8d8a…
https://git.kernel.org/stable/c/ca34c40d1c22c555f…
https://git.kernel.org/stable/c/8e30abc9ace4f0add…
https://lists.debian.org/debian-lts-announce/2024…	x_transferred
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…

Impacted products

6 products

Vendor	Product	Version
Linux	Linux	Affected: d54725cd11a57c30f650260cfb0a92c268bdc3e0 , < e4bb6da24de336a7899033a65490ed2d892efa5b (git) Affected: d54725cd11a57c30f650260cfb0a92c268bdc3e0 , < 5c45feb3c288cf44a529e2657b36c259d86497d2 (git) Affected: d54725cd11a57c30f650260cfb0a92c268bdc3e0 , < 13ba94f6cc820fdea15efeaa17d4c722874eebf9 (git) Affected: d54725cd11a57c30f650260cfb0a92c268bdc3e0 , < 8260c980aee7d8d8a3db39faf19c391d2f898816 (git) Affected: d54725cd11a57c30f650260cfb0a92c268bdc3e0 , < ca34c40d1c22c555fa7f4a21a1c807fea7290a0a (git) Affected: d54725cd11a57c30f650260cfb0a92c268bdc3e0 , < 8e30abc9ace4f0add4cd761dfdbfaebae5632dd2 (git)
Linux	Linux	Affected: 5.5 Unaffected: 0 , < 5.5 (semver) Unaffected: 5.10.216 , ≤ 5.10.* (semver) Unaffected: 5.15.158 , ≤ 5.15.* (semver) Unaffected: 6.1.90 , ≤ 6.1.* (semver) Unaffected: 6.6.30 , ≤ 6.6.* (semver) Unaffected: 6.8.9 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix)
Siemens	RUGGEDCOM RST2428P	Affected: 0 , < V3.1 (custom)
Siemens	SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family	Unaffected: 0 , < * (custom)
Siemens	SCALANCE XCM-/XRM-/XCH-/XRH-300 family	Affected: 0 , < V3.1 (custom)
Siemens	SIMATIC S7-1500 TM MFP - GNU/Linux subsystem	Affected: 0 , < * (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36005",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T17:11:00.848539Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:47:43.082Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:12.366Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e4bb6da24de336a7899033a65490ed2d892efa5b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5c45feb3c288cf44a529e2657b36c259d86497d2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/13ba94f6cc820fdea15efeaa17d4c722874eebf9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8260c980aee7d8d8a3db39faf19c391d2f898816"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ca34c40d1c22c555fa7f4a21a1c807fea7290a0a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8e30abc9ace4f0add4cd761dfdbfaebae5632dd2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RST2428P",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T11:53:34.671Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nft_chain_filter.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e4bb6da24de336a7899033a65490ed2d892efa5b",
              "status": "affected",
              "version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
              "versionType": "git"
            },
            {
              "lessThan": "5c45feb3c288cf44a529e2657b36c259d86497d2",
              "status": "affected",
              "version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
              "versionType": "git"
            },
            {
              "lessThan": "13ba94f6cc820fdea15efeaa17d4c722874eebf9",
              "status": "affected",
              "version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
              "versionType": "git"
            },
            {
              "lessThan": "8260c980aee7d8d8a3db39faf19c391d2f898816",
              "status": "affected",
              "version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
              "versionType": "git"
            },
            {
              "lessThan": "ca34c40d1c22c555fa7f4a21a1c807fea7290a0a",
              "status": "affected",
              "version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
              "versionType": "git"
            },
            {
              "lessThan": "8e30abc9ace4f0add4cd761dfdbfaebae5632dd2",
              "status": "affected",
              "version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nft_chain_filter.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: honor table dormant flag from netdev release event path\n\nCheck for table dormant flag otherwise netdev release event path tries\nto unregister an already unregistered hook.\n\n[524854.857999] ------------[ cut here ]------------\n[524854.858010] WARNING: CPU: 0 PID: 3386599 at net/netfilter/core.c:501 __nf_unregister_net_hook+0x21a/0x260\n[...]\n[524854.858848] CPU: 0 PID: 3386599 Comm: kworker/u32:2 Not tainted 6.9.0-rc3+ #365\n[524854.858869] Workqueue: netns cleanup_net\n[524854.858886] RIP: 0010:__nf_unregister_net_hook+0x21a/0x260\n[524854.858903] Code: 24 e8 aa 73 83 ff 48 63 43 1c 83 f8 01 0f 85 3d ff ff ff e8 98 d1 f0 ff 48 8b 3c 24 e8 8f 73 83 ff 48 63 43 1c e9 26 ff ff ff \u003c0f\u003e 0b 48 83 c4 18 48 c7 c7 00 68 e9 82 5b 5d 41 5c 41 5d 41 5e 41\n[524854.858914] RSP: 0018:ffff8881e36d79e0 EFLAGS: 00010246\n[524854.858926] RAX: 0000000000000000 RBX: ffff8881339ae790 RCX: ffffffff81ba524a\n[524854.858936] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881c8a16438\n[524854.858945] RBP: ffff8881c8a16438 R08: 0000000000000001 R09: ffffed103c6daf34\n[524854.858954] R10: ffff8881e36d79a7 R11: 0000000000000000 R12: 0000000000000005\n[524854.858962] R13: ffff8881c8a16000 R14: 0000000000000000 R15: ffff8881351b5a00\n[524854.858971] FS:  0000000000000000(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[524854.858982] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[524854.858991] CR2: 00007fc9be0f16f4 CR3: 00000001437cc004 CR4: 00000000001706f0\n[524854.859000] Call Trace:\n[524854.859006]  \u003cTASK\u003e\n[524854.859013]  ? __warn+0x9f/0x1a0\n[524854.859027]  ? __nf_unregister_net_hook+0x21a/0x260\n[524854.859044]  ? report_bug+0x1b1/0x1e0\n[524854.859060]  ? handle_bug+0x3c/0x70\n[524854.859071]  ? exc_invalid_op+0x17/0x40\n[524854.859083]  ? asm_exc_invalid_op+0x1a/0x20\n[524854.859100]  ? __nf_unregister_net_hook+0x6a/0x260\n[524854.859116]  ? __nf_unregister_net_hook+0x21a/0x260\n[524854.859135]  nf_tables_netdev_event+0x337/0x390 [nf_tables]\n[524854.859304]  ? __pfx_nf_tables_netdev_event+0x10/0x10 [nf_tables]\n[524854.859461]  ? packet_notifier+0xb3/0x360\n[524854.859476]  ? _raw_spin_unlock_irqrestore+0x11/0x40\n[524854.859489]  ? dcbnl_netdevice_event+0x35/0x140\n[524854.859507]  ? __pfx_nf_tables_netdev_event+0x10/0x10 [nf_tables]\n[524854.859661]  notifier_call_chain+0x7d/0x140\n[524854.859677]  unregister_netdevice_many_notify+0x5e1/0xae0"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:15:28.346Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e4bb6da24de336a7899033a65490ed2d892efa5b"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c45feb3c288cf44a529e2657b36c259d86497d2"
        },
        {
          "url": "https://git.kernel.org/stable/c/13ba94f6cc820fdea15efeaa17d4c722874eebf9"
        },
        {
          "url": "https://git.kernel.org/stable/c/8260c980aee7d8d8a3db39faf19c391d2f898816"
        },
        {
          "url": "https://git.kernel.org/stable/c/ca34c40d1c22c555fa7f4a21a1c807fea7290a0a"
        },
        {
          "url": "https://git.kernel.org/stable/c/8e30abc9ace4f0add4cd761dfdbfaebae5632dd2"
        }
      ],
      "title": "netfilter: nf_tables: honor table dormant flag from netdev release event path",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36005",
    "datePublished": "2024-05-20T09:48:05.568Z",
    "dateReserved": "2024-05-17T13:50:33.150Z",
    "dateUpdated": "2026-05-12T11:53:34.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36006 (GCVE-0-2024-36006)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:48 – Updated: 2026-05-12 11:53

Title

mlxsw: spectrum_acl_tcam: Fix incorrect list API usage

Summary

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists without checking that the lists are not empty. This is incorrect usage of the API, which leads to the following warning [1]. Fix by returning if the lists are empty as there is nothing to migrate in this case. [1] WARNING: CPU: 0 PID: 6437 at drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c:1266 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0> Modules linked in: CPU: 0 PID: 6437 Comm: kworker/0:37 Not tainted 6.9.0-rc3-custom-00883-g94a65f079ef6 #39 Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019 Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work RIP: 0010:mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0x2c0 [...] Call Trace: <TASK> mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x4a0 process_one_work+0x151/0x370 worker_thread+0x2cb/0x3e0 kthread+0xd0/0x100 ret_from_fork+0x34/0x50 ret_from_fork_asm+0x1a/0x30 </TASK>

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

Assigner

Linux

References

10 references

URL	Tags
https://git.kernel.org/stable/c/0b2c13b670b168e32…
https://git.kernel.org/stable/c/09846c2309b150b8c…
https://git.kernel.org/stable/c/64435b64e43d8ee60…
https://git.kernel.org/stable/c/4526a56e02da3725d…
https://git.kernel.org/stable/c/ab4ecfb627338e440…
https://git.kernel.org/stable/c/af8b593c3dd9df82c…
https://git.kernel.org/stable/c/b377add0f0117409c…
https://lists.debian.org/debian-lts-announce/2024…	x_transferred
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…

Impacted products

6 products

Vendor	Product	Version
Linux	Linux	Affected: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf , < 0b2c13b670b168e324e1cf109e67056a20fd610a (git) Affected: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf , < 09846c2309b150b8ce4e0ce96f058197598fc530 (git) Affected: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf , < 64435b64e43d8ee60faa46c0cd04e323e8b2a7b0 (git) Affected: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf , < 4526a56e02da3725db979358964df9cd9c567154 (git) Affected: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf , < ab4ecfb627338e440ae11def004c524a00d93e40 (git) Affected: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf , < af8b593c3dd9df82cb199be65863af004b09fd97 (git) Affected: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf , < b377add0f0117409c418ddd6504bd682ebe0bf79 (git)
Linux	Linux	Affected: 5.1 Unaffected: 0 , < 5.1 (semver) Unaffected: 5.4.275 , ≤ 5.4.* (semver) Unaffected: 5.10.216 , ≤ 5.10.* (semver) Unaffected: 5.15.158 , ≤ 5.15.* (semver) Unaffected: 6.1.90 , ≤ 6.1.* (semver) Unaffected: 6.6.30 , ≤ 6.6.* (semver) Unaffected: 6.8.9 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix)
Siemens	RUGGEDCOM RST2428P	Affected: 0 , < V3.1 (custom)
Siemens	SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family	Unaffected: 0 , < * (custom)
Siemens	SCALANCE XCM-/XRM-/XCH-/XRH-300 family	Affected: 0 , < V3.1 (custom)
Siemens	SIMATIC S7-1500 TM MFP - GNU/Linux subsystem	Affected: 0 , < * (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36006",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T17:00:50.884985Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:47:57.118Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:12.329Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0b2c13b670b168e324e1cf109e67056a20fd610a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/09846c2309b150b8ce4e0ce96f058197598fc530"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/64435b64e43d8ee60faa46c0cd04e323e8b2a7b0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4526a56e02da3725db979358964df9cd9c567154"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ab4ecfb627338e440ae11def004c524a00d93e40"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/af8b593c3dd9df82cb199be65863af004b09fd97"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b377add0f0117409c418ddd6504bd682ebe0bf79"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RST2428P",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T11:53:35.895Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0b2c13b670b168e324e1cf109e67056a20fd610a",
              "status": "affected",
              "version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
              "versionType": "git"
            },
            {
              "lessThan": "09846c2309b150b8ce4e0ce96f058197598fc530",
              "status": "affected",
              "version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
              "versionType": "git"
            },
            {
              "lessThan": "64435b64e43d8ee60faa46c0cd04e323e8b2a7b0",
              "status": "affected",
              "version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
              "versionType": "git"
            },
            {
              "lessThan": "4526a56e02da3725db979358964df9cd9c567154",
              "status": "affected",
              "version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
              "versionType": "git"
            },
            {
              "lessThan": "ab4ecfb627338e440ae11def004c524a00d93e40",
              "status": "affected",
              "version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
              "versionType": "git"
            },
            {
              "lessThan": "af8b593c3dd9df82cb199be65863af004b09fd97",
              "status": "affected",
              "version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
              "versionType": "git"
            },
            {
              "lessThan": "b377add0f0117409c418ddd6504bd682ebe0bf79",
              "status": "affected",
              "version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix incorrect list API usage\n\nBoth the function that migrates all the chunks within a region and the\nfunction that migrates all the entries within a chunk call\nlist_first_entry() on the respective lists without checking that the\nlists are not empty. This is incorrect usage of the API, which leads to\nthe following warning [1].\n\nFix by returning if the lists are empty as there is nothing to migrate\nin this case.\n\n[1]\nWARNING: CPU: 0 PID: 6437 at drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c:1266 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0\u003e\nModules linked in:\nCPU: 0 PID: 6437 Comm: kworker/0:37 Not tainted 6.9.0-rc3-custom-00883-g94a65f079ef6 #39\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0x2c0\n[...]\nCall Trace:\n \u003cTASK\u003e\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x4a0\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:15:29.538Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0b2c13b670b168e324e1cf109e67056a20fd610a"
        },
        {
          "url": "https://git.kernel.org/stable/c/09846c2309b150b8ce4e0ce96f058197598fc530"
        },
        {
          "url": "https://git.kernel.org/stable/c/64435b64e43d8ee60faa46c0cd04e323e8b2a7b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/4526a56e02da3725db979358964df9cd9c567154"
        },
        {
          "url": "https://git.kernel.org/stable/c/ab4ecfb627338e440ae11def004c524a00d93e40"
        },
        {
          "url": "https://git.kernel.org/stable/c/af8b593c3dd9df82cb199be65863af004b09fd97"
        },
        {
          "url": "https://git.kernel.org/stable/c/b377add0f0117409c418ddd6504bd682ebe0bf79"
        }
      ],
      "title": "mlxsw: spectrum_acl_tcam: Fix incorrect list API usage",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36006",
    "datePublished": "2024-05-20T09:48:06.278Z",
    "dateReserved": "2024-05-17T13:50:33.150Z",
    "dateUpdated": "2026-05-12T11:53:35.895Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36007 (GCVE-0-2024-36007)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:48 – Updated: 2026-05-12 11:53

Title

mlxsw: spectrum_acl_tcam: Fix warning during rehash

Summary

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix warning during rehash As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in each chunk iterating over all the filters. When the work runs out of credits it stores the current chunk and entry as markers in the per-work context so that it would know where to resume the migration from the next time the work is scheduled. Upon error, the chunk marker is reset to NULL, but without resetting the entry markers despite being relative to it. This can result in migration being resumed from an entry that does not belong to the chunk being migrated. In turn, this will eventually lead to a chunk being iterated over as if it is an entry. Because of how the two structures happen to be defined, this does not lead to KASAN splats, but to warnings such as [1]. Fix by creating a helper that resets all the markers and call it from all the places the currently only reset the chunk marker. For good measures also call it when starting a completely new rehash. Add a warning to avoid future cases. [1] WARNING: CPU: 7 PID: 1076 at drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.c:407 mlxsw_afk_encode+0x242/0x2f0 Modules linked in: CPU: 7 PID: 1076 Comm: kworker/7:24 Tainted: G W 6.9.0-rc3-custom-00880-g29e61d91b77b #29 Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019 Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work RIP: 0010:mlxsw_afk_encode+0x242/0x2f0 [...] Call Trace: <TASK> mlxsw_sp_acl_atcam_entry_add+0xd9/0x3c0 mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x109/0x290 mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x470 process_one_work+0x151/0x370 worker_thread+0x2cb/0x3e0 kthread+0xd0/0x100 ret_from_fork+0x34/0x50 </TASK>

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

10 references

URL	Tags
https://git.kernel.org/stable/c/0b88631855026b55c…
https://git.kernel.org/stable/c/1d76bd2a0034d0d08…
https://git.kernel.org/stable/c/039992b6d2df097c6…
https://git.kernel.org/stable/c/751d352858108314e…
https://git.kernel.org/stable/c/e890456051fe8c579…
https://git.kernel.org/stable/c/17e9e0bbae652b9b2…
https://git.kernel.org/stable/c/743edc8547a92b619…
https://lists.debian.org/debian-lts-announce/2024…	x_transferred
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…

Impacted products

6 products

Vendor	Product	Version
Linux	Linux	Affected: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf , < 0b88631855026b55cad901ac28d081e0f358e596 (git) Affected: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf , < 1d76bd2a0034d0d08045c1c6adf2235d88982952 (git) Affected: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf , < 039992b6d2df097c65f480dcf269de3d2656f573 (git) Affected: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf , < 751d352858108314efd33dddd5a9a2b6bf7d6916 (git) Affected: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf , < e890456051fe8c57944b911defb3e6de91315861 (git) Affected: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf , < 17e9e0bbae652b9b2049e51699e93dfa60b2988d (git) Affected: 6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf , < 743edc8547a92b6192aa1f1b6bb78233fa21dc9b (git)
Linux	Linux	Affected: 5.1 Unaffected: 0 , < 5.1 (semver) Unaffected: 5.4.275 , ≤ 5.4.* (semver) Unaffected: 5.10.216 , ≤ 5.10.* (semver) Unaffected: 5.15.158 , ≤ 5.15.* (semver) Unaffected: 6.1.90 , ≤ 6.1.* (semver) Unaffected: 6.6.30 , ≤ 6.6.* (semver) Unaffected: 6.8.9 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix)
Siemens	RUGGEDCOM RST2428P	Affected: 0 , < V3.1 (custom)
Siemens	SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family	Unaffected: 0 , < * (custom)
Siemens	SCALANCE XCM-/XRM-/XCH-/XRH-300 family	Affected: 0 , < V3.1 (custom)
Siemens	SIMATIC S7-1500 TM MFP - GNU/Linux subsystem	Affected: 0 , < * (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-36007",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-31T18:47:44.179419Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T15:10:37.319Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:11.636Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0b88631855026b55cad901ac28d081e0f358e596"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1d76bd2a0034d0d08045c1c6adf2235d88982952"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/039992b6d2df097c65f480dcf269de3d2656f573"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/751d352858108314efd33dddd5a9a2b6bf7d6916"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e890456051fe8c57944b911defb3e6de91315861"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/17e9e0bbae652b9b2049e51699e93dfa60b2988d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/743edc8547a92b6192aa1f1b6bb78233fa21dc9b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RST2428P",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T11:53:37.257Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0b88631855026b55cad901ac28d081e0f358e596",
              "status": "affected",
              "version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
              "versionType": "git"
            },
            {
              "lessThan": "1d76bd2a0034d0d08045c1c6adf2235d88982952",
              "status": "affected",
              "version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
              "versionType": "git"
            },
            {
              "lessThan": "039992b6d2df097c65f480dcf269de3d2656f573",
              "status": "affected",
              "version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
              "versionType": "git"
            },
            {
              "lessThan": "751d352858108314efd33dddd5a9a2b6bf7d6916",
              "status": "affected",
              "version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
              "versionType": "git"
            },
            {
              "lessThan": "e890456051fe8c57944b911defb3e6de91315861",
              "status": "affected",
              "version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
              "versionType": "git"
            },
            {
              "lessThan": "17e9e0bbae652b9b2049e51699e93dfa60b2988d",
              "status": "affected",
              "version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
              "versionType": "git"
            },
            {
              "lessThan": "743edc8547a92b6192aa1f1b6bb78233fa21dc9b",
              "status": "affected",
              "version": "6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix warning during rehash\n\nAs previously explained, the rehash delayed work migrates filters from\none region to another. This is done by iterating over all chunks (all\nthe filters with the same priority) in the region and in each chunk\niterating over all the filters.\n\nWhen the work runs out of credits it stores the current chunk and entry\nas markers in the per-work context so that it would know where to resume\nthe migration from the next time the work is scheduled.\n\nUpon error, the chunk marker is reset to NULL, but without resetting the\nentry markers despite being relative to it. This can result in migration\nbeing resumed from an entry that does not belong to the chunk being\nmigrated. In turn, this will eventually lead to a chunk being iterated\nover as if it is an entry. Because of how the two structures happen to\nbe defined, this does not lead to KASAN splats, but to warnings such as\n[1].\n\nFix by creating a helper that resets all the markers and call it from\nall the places the currently only reset the chunk marker. For good\nmeasures also call it when starting a completely new rehash. Add a\nwarning to avoid future cases.\n\n[1]\nWARNING: CPU: 7 PID: 1076 at drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.c:407 mlxsw_afk_encode+0x242/0x2f0\nModules linked in:\nCPU: 7 PID: 1076 Comm: kworker/7:24 Tainted: G        W          6.9.0-rc3-custom-00880-g29e61d91b77b #29\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:mlxsw_afk_encode+0x242/0x2f0\n[...]\nCall Trace:\n \u003cTASK\u003e\n mlxsw_sp_acl_atcam_entry_add+0xd9/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_all+0x109/0x290\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x470\n process_one_work+0x151/0x370\n worker_thread+0x2cb/0x3e0\n kthread+0xd0/0x100\n ret_from_fork+0x34/0x50\n \u003c/TASK\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:15:30.749Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0b88631855026b55cad901ac28d081e0f358e596"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d76bd2a0034d0d08045c1c6adf2235d88982952"
        },
        {
          "url": "https://git.kernel.org/stable/c/039992b6d2df097c65f480dcf269de3d2656f573"
        },
        {
          "url": "https://git.kernel.org/stable/c/751d352858108314efd33dddd5a9a2b6bf7d6916"
        },
        {
          "url": "https://git.kernel.org/stable/c/e890456051fe8c57944b911defb3e6de91315861"
        },
        {
          "url": "https://git.kernel.org/stable/c/17e9e0bbae652b9b2049e51699e93dfa60b2988d"
        },
        {
          "url": "https://git.kernel.org/stable/c/743edc8547a92b6192aa1f1b6bb78233fa21dc9b"
        }
      ],
      "title": "mlxsw: spectrum_acl_tcam: Fix warning during rehash",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36007",
    "datePublished": "2024-05-20T09:48:06.947Z",
    "dateReserved": "2024-05-17T13:50:33.151Z",
    "dateUpdated": "2026-05-12T11:53:37.257Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36009 (GCVE-0-2024-36009)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:48 – Updated: 2026-05-23 15:46

Title

ax25: Fix netdev refcount issue

Summary

In the Linux kernel, the following vulnerability has been resolved: ax25: Fix netdev refcount issue The dev_tracker is added to ax25_cb in ax25_bind(). When the ax25 device is detaching, the dev_tracker of ax25_cb should be deallocated in ax25_kill_by_device() instead of the dev_tracker of ax25_dev. The log reported by ref_tracker is shown below: [ 80.884935] ref_tracker: reference already released. [ 80.885150] ref_tracker: allocated in: [ 80.885349] ax25_dev_device_up+0x105/0x540 [ 80.885730] ax25_device_event+0xa4/0x420 [ 80.885730] notifier_call_chain+0xc9/0x1e0 [ 80.885730] __dev_notify_flags+0x138/0x280 [ 80.885730] dev_change_flags+0xd7/0x180 [ 80.885730] dev_ifsioc+0x6a9/0xa30 [ 80.885730] dev_ioctl+0x4d8/0xd90 [ 80.885730] sock_do_ioctl+0x1c2/0x2d0 [ 80.885730] sock_ioctl+0x38b/0x4f0 [ 80.885730] __se_sys_ioctl+0xad/0xf0 [ 80.885730] do_syscall_64+0xc4/0x1b0 [ 80.885730] entry_SYSCALL_64_after_hwframe+0x67/0x6f [ 80.885730] ref_tracker: freed in: [ 80.885730] ax25_device_event+0x272/0x420 [ 80.885730] notifier_call_chain+0xc9/0x1e0 [ 80.885730] dev_close_many+0x272/0x370 [ 80.885730] unregister_netdevice_many_notify+0x3b5/0x1180 [ 80.885730] unregister_netdev+0xcf/0x120 [ 80.885730] sixpack_close+0x11f/0x1b0 [ 80.885730] tty_ldisc_kill+0xcb/0x190 [ 80.885730] tty_ldisc_hangup+0x338/0x3d0 [ 80.885730] __tty_hangup+0x504/0x740 [ 80.885730] tty_release+0x46e/0xd80 [ 80.885730] __fput+0x37f/0x770 [ 80.885730] __x64_sys_close+0x7b/0xb0 [ 80.885730] do_syscall_64+0xc4/0x1b0 [ 80.885730] entry_SYSCALL_64_after_hwframe+0x67/0x6f [ 80.893739] ------------[ cut here ]------------ [ 80.894030] WARNING: CPU: 2 PID: 140 at lib/ref_tracker.c:255 ref_tracker_free+0x47b/0x6b0 [ 80.894297] Modules linked in: [ 80.894929] CPU: 2 PID: 140 Comm: ax25_conn_rel_6 Not tainted 6.9.0-rc4-g8cd26fd90c1a #11 [ 80.895190] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qem4 [ 80.895514] RIP: 0010:ref_tracker_free+0x47b/0x6b0 [ 80.895808] Code: 83 c5 18 4c 89 eb 48 c1 eb 03 8a 04 13 84 c0 0f 85 df 01 00 00 41 83 7d 00 00 75 4b 4c 89 ff 9 [ 80.896171] RSP: 0018:ffff888009edf8c0 EFLAGS: 00000286 [ 80.896339] RAX: 1ffff1100141ac00 RBX: 1ffff1100149463b RCX: dffffc0000000000 [ 80.896502] RDX: 0000000000000001 RSI: 0000000000000246 RDI: ffff88800a0d6518 [ 80.896925] RBP: ffff888009edf9b0 R08: ffff88806d3288d3 R09: 1ffff1100da6511a [ 80.897212] R10: dffffc0000000000 R11: ffffed100da6511b R12: ffff88800a4a31d4 [ 80.897859] R13: ffff88800a4a31d8 R14: dffffc0000000000 R15: ffff88800a0d6518 [ 80.898279] FS: 00007fd88b7fe700(0000) GS:ffff88806d300000(0000) knlGS:0000000000000000 [ 80.899436] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 80.900181] CR2: 00007fd88c001d48 CR3: 000000000993e000 CR4: 00000000000006f0 ... [ 80.935774] ref_tracker: sp%d@000000000bb9df3d has 1/1 users at [ 80.935774] ax25_bind+0x424/0x4e0 [ 80.935774] __sys_bind+0x1d9/0x270 [ 80.935774] __x64_sys_bind+0x75/0x80 [ 80.935774] do_syscall_64+0xc4/0x1b0 [ 80.935774] entry_SYSCALL_64_after_hwframe+0x67/0x6f Change ax25_dev->dev_tracker to the dev_tracker of ax25_cb in order to mitigate the bug.

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

Assigner

Linux

References

6 references

URL	Tags
https://git.kernel.org/stable/c/0d14f104027e30720…
https://git.kernel.org/stable/c/4fee8fa86a15d7790…
https://git.kernel.org/stable/c/c42b073d9af4a5329…
https://git.kernel.org/stable/c/467324bcfe1a31ec6…
http://www.openwall.com/lists/oss-security/2024/05/30/2	x_transferred
http://www.openwall.com/lists/oss-security/2024/05/30/1	x_transferred

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: feef318c855a361a1eccd880f33e88c460eb63b4 , < 0d14f104027e30720582448706c7d6b43065c851 (git) Affected: feef318c855a361a1eccd880f33e88c460eb63b4 , < 4fee8fa86a15d7790268eea458b1aec69c695530 (git) Affected: feef318c855a361a1eccd880f33e88c460eb63b4 , < c42b073d9af4a5329b25b17390c63ab3847f30e8 (git) Affected: feef318c855a361a1eccd880f33e88c460eb63b4 , < 467324bcfe1a31ec65d0cf4aa59421d6b7a7d52b (git) Affected: b8c07f33aa35dacf5444e7053ed9662d1869f536 (git) Affected: b1e0a6fc7f17500484c402ad1cd018c24dfc14b3 (git) Affected: 7528d0f2210c3a1154186175516ed37aa970f2b1 (git) Affected: 57cc15f5fd550316e4104eaf84b90fbc640fd7a5 (git) Affected: b982492ec3a115e0a136856a1b2dbe32f2d21a0e (git) Affected: 4.14.277 , < 4.15 (semver) Affected: 4.19.240 , < 4.20 (semver) Affected: 5.4.190 , < 5.5 (semver) Affected: 5.10.112 , < 5.11 (semver) Affected: 5.15.35 , < 5.16 (semver)
Linux	Linux	Affected: 5.17 Unaffected: 0 , < 5.17 (semver) Unaffected: 6.1.90 , ≤ 6.1.* (semver) Unaffected: 6.6.30 , ≤ 6.6.* (semver) Unaffected: 6.8.9 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36009",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-13T20:06:19.404612Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-13T20:06:29.490Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:12.796Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0d14f104027e30720582448706c7d6b43065c851"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4fee8fa86a15d7790268eea458b1aec69c695530"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c42b073d9af4a5329b25b17390c63ab3847f30e8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/467324bcfe1a31ec65d0cf4aa59421d6b7a7d52b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/05/30/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/05/30/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ax25/af_ax25.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0d14f104027e30720582448706c7d6b43065c851",
              "status": "affected",
              "version": "feef318c855a361a1eccd880f33e88c460eb63b4",
              "versionType": "git"
            },
            {
              "lessThan": "4fee8fa86a15d7790268eea458b1aec69c695530",
              "status": "affected",
              "version": "feef318c855a361a1eccd880f33e88c460eb63b4",
              "versionType": "git"
            },
            {
              "lessThan": "c42b073d9af4a5329b25b17390c63ab3847f30e8",
              "status": "affected",
              "version": "feef318c855a361a1eccd880f33e88c460eb63b4",
              "versionType": "git"
            },
            {
              "lessThan": "467324bcfe1a31ec65d0cf4aa59421d6b7a7d52b",
              "status": "affected",
              "version": "feef318c855a361a1eccd880f33e88c460eb63b4",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "b8c07f33aa35dacf5444e7053ed9662d1869f536",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "b1e0a6fc7f17500484c402ad1cd018c24dfc14b3",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "7528d0f2210c3a1154186175516ed37aa970f2b1",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "57cc15f5fd550316e4104eaf84b90fbc640fd7a5",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "b982492ec3a115e0a136856a1b2dbe32f2d21a0e",
              "versionType": "git"
            },
            {
              "lessThan": "4.15",
              "status": "affected",
              "version": "4.14.277",
              "versionType": "semver"
            },
            {
              "lessThan": "4.20",
              "status": "affected",
              "version": "4.19.240",
              "versionType": "semver"
            },
            {
              "lessThan": "5.5",
              "status": "affected",
              "version": "5.4.190",
              "versionType": "semver"
            },
            {
              "lessThan": "5.11",
              "status": "affected",
              "version": "5.10.112",
              "versionType": "semver"
            },
            {
              "lessThan": "5.16",
              "status": "affected",
              "version": "5.15.35",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ax25/af_ax25.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.17"
            },
            {
              "lessThan": "5.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.277",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.240",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.4.190",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.10.112",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.15.35",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix netdev refcount issue\n\nThe dev_tracker is added to ax25_cb in ax25_bind(). When the\nax25 device is detaching, the dev_tracker of ax25_cb should be\ndeallocated in ax25_kill_by_device() instead of the dev_tracker\nof ax25_dev. The log reported by ref_tracker is shown below:\n\n[   80.884935] ref_tracker: reference already released.\n[   80.885150] ref_tracker: allocated in:\n[   80.885349]  ax25_dev_device_up+0x105/0x540\n[   80.885730]  ax25_device_event+0xa4/0x420\n[   80.885730]  notifier_call_chain+0xc9/0x1e0\n[   80.885730]  __dev_notify_flags+0x138/0x280\n[   80.885730]  dev_change_flags+0xd7/0x180\n[   80.885730]  dev_ifsioc+0x6a9/0xa30\n[   80.885730]  dev_ioctl+0x4d8/0xd90\n[   80.885730]  sock_do_ioctl+0x1c2/0x2d0\n[   80.885730]  sock_ioctl+0x38b/0x4f0\n[   80.885730]  __se_sys_ioctl+0xad/0xf0\n[   80.885730]  do_syscall_64+0xc4/0x1b0\n[   80.885730]  entry_SYSCALL_64_after_hwframe+0x67/0x6f\n[   80.885730] ref_tracker: freed in:\n[   80.885730]  ax25_device_event+0x272/0x420\n[   80.885730]  notifier_call_chain+0xc9/0x1e0\n[   80.885730]  dev_close_many+0x272/0x370\n[   80.885730]  unregister_netdevice_many_notify+0x3b5/0x1180\n[   80.885730]  unregister_netdev+0xcf/0x120\n[   80.885730]  sixpack_close+0x11f/0x1b0\n[   80.885730]  tty_ldisc_kill+0xcb/0x190\n[   80.885730]  tty_ldisc_hangup+0x338/0x3d0\n[   80.885730]  __tty_hangup+0x504/0x740\n[   80.885730]  tty_release+0x46e/0xd80\n[   80.885730]  __fput+0x37f/0x770\n[   80.885730]  __x64_sys_close+0x7b/0xb0\n[   80.885730]  do_syscall_64+0xc4/0x1b0\n[   80.885730]  entry_SYSCALL_64_after_hwframe+0x67/0x6f\n[   80.893739] ------------[ cut here ]------------\n[   80.894030] WARNING: CPU: 2 PID: 140 at lib/ref_tracker.c:255 ref_tracker_free+0x47b/0x6b0\n[   80.894297] Modules linked in:\n[   80.894929] CPU: 2 PID: 140 Comm: ax25_conn_rel_6 Not tainted 6.9.0-rc4-g8cd26fd90c1a #11\n[   80.895190] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qem4\n[   80.895514] RIP: 0010:ref_tracker_free+0x47b/0x6b0\n[   80.895808] Code: 83 c5 18 4c 89 eb 48 c1 eb 03 8a 04 13 84 c0 0f 85 df 01 00 00 41 83 7d 00 00 75 4b 4c 89 ff 9\n[   80.896171] RSP: 0018:ffff888009edf8c0 EFLAGS: 00000286\n[   80.896339] RAX: 1ffff1100141ac00 RBX: 1ffff1100149463b RCX: dffffc0000000000\n[   80.896502] RDX: 0000000000000001 RSI: 0000000000000246 RDI: ffff88800a0d6518\n[   80.896925] RBP: ffff888009edf9b0 R08: ffff88806d3288d3 R09: 1ffff1100da6511a\n[   80.897212] R10: dffffc0000000000 R11: ffffed100da6511b R12: ffff88800a4a31d4\n[   80.897859] R13: ffff88800a4a31d8 R14: dffffc0000000000 R15: ffff88800a0d6518\n[   80.898279] FS:  00007fd88b7fe700(0000) GS:ffff88806d300000(0000) knlGS:0000000000000000\n[   80.899436] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   80.900181] CR2: 00007fd88c001d48 CR3: 000000000993e000 CR4: 00000000000006f0\n...\n[   80.935774] ref_tracker: sp%d@000000000bb9df3d has 1/1 users at\n[   80.935774]      ax25_bind+0x424/0x4e0\n[   80.935774]      __sys_bind+0x1d9/0x270\n[   80.935774]      __x64_sys_bind+0x75/0x80\n[   80.935774]      do_syscall_64+0xc4/0x1b0\n[   80.935774]      entry_SYSCALL_64_after_hwframe+0x67/0x6f\n\nChange ax25_dev-\u003edev_tracker to the dev_tracker of ax25_cb\nin order to mitigate the bug."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T15:46:16.981Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0d14f104027e30720582448706c7d6b43065c851"
        },
        {
          "url": "https://git.kernel.org/stable/c/4fee8fa86a15d7790268eea458b1aec69c695530"
        },
        {
          "url": "https://git.kernel.org/stable/c/c42b073d9af4a5329b25b17390c63ab3847f30e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/467324bcfe1a31ec65d0cf4aa59421d6b7a7d52b"
        }
      ],
      "title": "ax25: Fix netdev refcount issue",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36009",
    "datePublished": "2024-05-20T09:48:08.238Z",
    "dateReserved": "2024-05-17T13:50:33.152Z",
    "dateUpdated": "2026-05-23T15:46:16.981Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36011 (GCVE-0-2024-36011)

Vulnerability from cvelistv5 – Published: 2024-05-23 07:03 – Updated: 2026-05-23 15:46

Title

Bluetooth: HCI: Fix potential null-ptr-deref

Summary

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hci_le_big_sync_established_evt().

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

3 references

URL	Tags
https://git.kernel.org/stable/c/1f7ebb69c1d65732b…
https://git.kernel.org/stable/c/9f3be61f55d4eedc2…
https://git.kernel.org/stable/c/d2706004a1b8b5265…

Impacted products

9 products

Vendor	Product	Version
Linux	Linux	Affected: f777d88278170410b06a1f6633f3b9375a4ddd6b , < 1f7ebb69c1d65732bcac2fda9d15421f76f01e81 (git) Affected: f777d88278170410b06a1f6633f3b9375a4ddd6b , < 9f3be61f55d4eedc20eedc56c0f04a5ce2b4a55a (git) Affected: f777d88278170410b06a1f6633f3b9375a4ddd6b , < d2706004a1b8b526592e823d7e52551b518a7941 (git) Affected: 970aaee1d264ff8b6907005f47b8724ad45f1e48 (git) Affected: 993fffbcc6164a9b9b6446f21f3caa649e3c7346 (git) Affected: 6.4.16 , < 6.5 (semver) Affected: 6.5.3 , < 6.6 (semver)
Linux	Linux	Affected: 6.6 Unaffected: 0 , < 6.6 (semver) Unaffected: 6.6.31 , ≤ 6.6.* (semver) Unaffected: 6.8.10 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix)
linux	linux_kernel	Affected: f777d8827817 , < 1f7ebb69c1d6 (custom) cpe:2.3:o:linux:linux_kernel:-:::::::*
linux	linux_kernel	Affected: f777d8827817 , < 9f3be61f55d4 (custom) cpe:2.3:o:linux:linux_kernel:-:::::::*
linux	linux_kernel	Affected: f777d8827817 , < d2706004a1b8 (custom) cpe:2.3:o:linux:linux_kernel:-:::::::*
linux	linux_kernel	Unaffected: 0 , < 6.6 (custom) cpe:2.3:o:linux:linux_kernel:-:::::::*
linux	linux_kernel	Unaffected: 6.6.31 , < 6.7 (custom) cpe:2.3:o:linux:linux_kernel:-:::::::*
linux	linux_kernel	Unaffected: 6.8.10 , < 6.9 (custom) cpe:2.3:o:linux:linux_kernel:-:::::::*
linux	linux_kernel	Affected: 6.6 cpe:2.3:o:linux:linux_kernel:6.6:-::::::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "1f7ebb69c1d6",
                "status": "affected",
                "version": "f777d8827817",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "9f3be61f55d4",
                "status": "affected",
                "version": "f777d8827817",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "d2706004a1b8",
                "status": "affected",
                "version": "f777d8827817",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6.6",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6.7",
                "status": "unaffected",
                "version": "6.6.31",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6.9",
                "status": "unaffected",
                "version": "6.8.10",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:6.6:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "6.6"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-36011",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-07T19:47:32.087529Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-07T19:48:25.589Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:12.238Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1f7ebb69c1d65732bcac2fda9d15421f76f01e81"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9f3be61f55d4eedc20eedc56c0f04a5ce2b4a55a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d2706004a1b8b526592e823d7e52551b518a7941"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_event.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1f7ebb69c1d65732bcac2fda9d15421f76f01e81",
              "status": "affected",
              "version": "f777d88278170410b06a1f6633f3b9375a4ddd6b",
              "versionType": "git"
            },
            {
              "lessThan": "9f3be61f55d4eedc20eedc56c0f04a5ce2b4a55a",
              "status": "affected",
              "version": "f777d88278170410b06a1f6633f3b9375a4ddd6b",
              "versionType": "git"
            },
            {
              "lessThan": "d2706004a1b8b526592e823d7e52551b518a7941",
              "status": "affected",
              "version": "f777d88278170410b06a1f6633f3b9375a4ddd6b",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "970aaee1d264ff8b6907005f47b8724ad45f1e48",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "993fffbcc6164a9b9b6446f21f3caa649e3c7346",
              "versionType": "git"
            },
            {
              "lessThan": "6.5",
              "status": "affected",
              "version": "6.4.16",
              "versionType": "semver"
            },
            {
              "lessThan": "6.6",
              "status": "affected",
              "version": "6.5.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_event.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.31",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.5.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: HCI: Fix potential null-ptr-deref\n\nFix potential null-ptr-deref in hci_le_big_sync_established_evt()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T15:46:21.270Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1f7ebb69c1d65732bcac2fda9d15421f76f01e81"
        },
        {
          "url": "https://git.kernel.org/stable/c/9f3be61f55d4eedc20eedc56c0f04a5ce2b4a55a"
        },
        {
          "url": "https://git.kernel.org/stable/c/d2706004a1b8b526592e823d7e52551b518a7941"
        }
      ],
      "title": "Bluetooth: HCI: Fix potential null-ptr-deref",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36011",
    "datePublished": "2024-05-23T07:03:06.225Z",
    "dateReserved": "2024-05-17T13:50:33.152Z",
    "dateUpdated": "2026-05-23T15:46:21.270Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36012 (GCVE-0-2024-36012)

Vulnerability from cvelistv5 – Published: 2024-05-23 07:03 – Updated: 2026-05-11 20:15

Title

Bluetooth: msft: fix slab-use-after-free in msft_do_close()

Summary

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: msft: fix slab-use-after-free in msft_do_close() Tying the msft->data lifetime to hdev by freeing it in hci_release_dev() to fix the following case: [use] msft_do_close() msft = hdev->msft_data; if (!msft) ...(1) <- passed. return; mutex_lock(&msft->filter_lock); ...(4) <- used after freed. [free] msft_unregister() msft = hdev->msft_data; hdev->msft_data = NULL; ...(2) kfree(msft); ...(3) <- msft is freed. ================================================================== BUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline] BUG: KASAN: slab-use-after-free in __mutex_lock+0x8f/0xc30 kernel/locking/mutex.c:752 Read of size 8 at addr ffff888106cbbca8 by task kworker/u5:2/309

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

Assigner

Linux

References

4 references

URL	Tags
https://git.kernel.org/stable/c/e3880b531b68f98d3…
https://git.kernel.org/stable/c/a85a60e62355e3bf4…
https://git.kernel.org/stable/c/4f1de02de07748da8…
https://git.kernel.org/stable/c/10f9f426ac6e752c8…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: bf6a4e30ffbd9e9ef8934582feb937f6532f8b68 , < e3880b531b68f98d3941d83f2f6dd11cf4fd6b76 (git) Affected: bf6a4e30ffbd9e9ef8934582feb937f6532f8b68 , < a85a60e62355e3bf4802dead7938966824b23940 (git) Affected: bf6a4e30ffbd9e9ef8934582feb937f6532f8b68 , < 4f1de02de07748da80a8178879bc7a1df37fdf56 (git) Affected: bf6a4e30ffbd9e9ef8934582feb937f6532f8b68 , < 10f9f426ac6e752c8d87bf4346930ba347aaabac (git)
Linux	Linux	Affected: 5.12 Unaffected: 0 , < 5.12 (semver) Unaffected: 6.1.91 , ≤ 6.1.* (semver) Unaffected: 6.6.31 , ≤ 6.6.* (semver) Unaffected: 6.8.10 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36012",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-10T18:54:16.912662Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-10T18:54:24.668Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:12.508Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e3880b531b68f98d3941d83f2f6dd11cf4fd6b76"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a85a60e62355e3bf4802dead7938966824b23940"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4f1de02de07748da80a8178879bc7a1df37fdf56"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/10f9f426ac6e752c8d87bf4346930ba347aaabac"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_core.c",
            "net/bluetooth/msft.c",
            "net/bluetooth/msft.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e3880b531b68f98d3941d83f2f6dd11cf4fd6b76",
              "status": "affected",
              "version": "bf6a4e30ffbd9e9ef8934582feb937f6532f8b68",
              "versionType": "git"
            },
            {
              "lessThan": "a85a60e62355e3bf4802dead7938966824b23940",
              "status": "affected",
              "version": "bf6a4e30ffbd9e9ef8934582feb937f6532f8b68",
              "versionType": "git"
            },
            {
              "lessThan": "4f1de02de07748da80a8178879bc7a1df37fdf56",
              "status": "affected",
              "version": "bf6a4e30ffbd9e9ef8934582feb937f6532f8b68",
              "versionType": "git"
            },
            {
              "lessThan": "10f9f426ac6e752c8d87bf4346930ba347aaabac",
              "status": "affected",
              "version": "bf6a4e30ffbd9e9ef8934582feb937f6532f8b68",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_core.c",
            "net/bluetooth/msft.c",
            "net/bluetooth/msft.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12"
            },
            {
              "lessThan": "5.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.91",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.31",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: msft: fix slab-use-after-free in msft_do_close()\n\nTying the msft-\u003edata lifetime to hdev by freeing it in\nhci_release_dev() to fix the following case:\n\n[use]\nmsft_do_close()\n  msft = hdev-\u003emsft_data;\n  if (!msft)                      ...(1) \u003c- passed.\n    return;\n  mutex_lock(\u0026msft-\u003efilter_lock); ...(4) \u003c- used after freed.\n\n[free]\nmsft_unregister()\n  msft = hdev-\u003emsft_data;\n  hdev-\u003emsft_data = NULL;         ...(2)\n  kfree(msft);                    ...(3) \u003c- msft is freed.\n\n==================================================================\nBUG: KASAN: slab-use-after-free in __mutex_lock_common\nkernel/locking/mutex.c:587 [inline]\nBUG: KASAN: slab-use-after-free in __mutex_lock+0x8f/0xc30\nkernel/locking/mutex.c:752\nRead of size 8 at addr ffff888106cbbca8 by task kworker/u5:2/309"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:15:37.238Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e3880b531b68f98d3941d83f2f6dd11cf4fd6b76"
        },
        {
          "url": "https://git.kernel.org/stable/c/a85a60e62355e3bf4802dead7938966824b23940"
        },
        {
          "url": "https://git.kernel.org/stable/c/4f1de02de07748da80a8178879bc7a1df37fdf56"
        },
        {
          "url": "https://git.kernel.org/stable/c/10f9f426ac6e752c8d87bf4346930ba347aaabac"
        }
      ],
      "title": "Bluetooth: msft: fix slab-use-after-free in msft_do_close()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36012",
    "datePublished": "2024-05-23T07:03:06.904Z",
    "dateReserved": "2024-05-17T13:50:33.153Z",
    "dateUpdated": "2026-05-11T20:15:37.238Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36013 (GCVE-0-2024-36013)

Vulnerability from cvelistv5 – Published: 2024-05-23 07:03 – Updated: 2026-05-11 20:15

Title

Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()

Summary

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() Extend a critical section to prevent chan from early freeing. Also make the l2cap_connect() return type void. Nothing is using the returned value but it is ugly to return a potentially freed pointer. Making it void will help with backports because earlier kernels did use the return value. Now the compile will break for kernels where this patch is not a complete fix. Call stack summary: [use] l2cap_bredr_sig_cmd l2cap_connect ┌ mutex_lock(&conn->chan_lock); │ chan = pchan->ops->new_connection(pchan); <- alloc chan │ __l2cap_chan_add(conn, chan); │ l2cap_chan_hold(chan); │ list_add(&chan->list, &conn->chan_l); ... (1) └ mutex_unlock(&conn->chan_lock); chan->conf_state ... (4) <- use after free [free] l2cap_conn_del ┌ mutex_lock(&conn->chan_lock); │ foreach chan in conn->chan_l: ... (2) │ l2cap_chan_put(chan); │ l2cap_chan_destroy │ kfree(chan) ... (3) <- chan freed └ mutex_unlock(&conn->chan_lock); ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0 net/bluetooth/l2cap_core.c:4260 Read of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311

Severity

6.8 (Medium)


                        
                          CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use After Free

Assigner

Linux

References

5 references

URL	Tags
https://git.kernel.org/stable/c/cfe560c7050bfb37b…
https://git.kernel.org/stable/c/826af9d2f69567c64…
https://git.kernel.org/stable/c/4d7b41c0e43995b0e…
http://www.openwall.com/lists/oss-security/2024/05/30/2	x_transferred
http://www.openwall.com/lists/oss-security/2024/05/30/1	x_transferred

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 73ffa904b78287f6acf8797e040150aa26a4af4a , < cfe560c7050bfb37b0d2491bbe7cd8b59e77fdc5 (git) Affected: 73ffa904b78287f6acf8797e040150aa26a4af4a , < 826af9d2f69567c646ff46d10393d47e30ad23c6 (git) Affected: 73ffa904b78287f6acf8797e040150aa26a4af4a , < 4d7b41c0e43995b0e992b9f8903109275744b658 (git)
Linux	Linux	Affected: 3.0 Unaffected: 0 , < 3.0 (semver) Unaffected: 6.6.32 , ≤ 6.6.* (semver) Unaffected: 6.8.11 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.8,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-36013",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-23T16:10:59.613631Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:47:42.167Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:11.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cfe560c7050bfb37b0d2491bbe7cd8b59e77fdc5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/826af9d2f69567c646ff46d10393d47e30ad23c6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4d7b41c0e43995b0e992b9f8903109275744b658"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/05/30/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/05/30/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/l2cap_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cfe560c7050bfb37b0d2491bbe7cd8b59e77fdc5",
              "status": "affected",
              "version": "73ffa904b78287f6acf8797e040150aa26a4af4a",
              "versionType": "git"
            },
            {
              "lessThan": "826af9d2f69567c646ff46d10393d47e30ad23c6",
              "status": "affected",
              "version": "73ffa904b78287f6acf8797e040150aa26a4af4a",
              "versionType": "git"
            },
            {
              "lessThan": "4d7b41c0e43995b0e992b9f8903109275744b658",
              "status": "affected",
              "version": "73ffa904b78287f6acf8797e040150aa26a4af4a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/l2cap_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "lessThan": "3.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.32",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.32",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.11",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()\n\nExtend a critical section to prevent chan from early freeing.\nAlso make the l2cap_connect() return type void. Nothing is using the\nreturned value but it is ugly to return a potentially freed pointer.\nMaking it void will help with backports because earlier kernels did use\nthe return value. Now the compile will break for kernels where this\npatch is not a complete fix.\n\nCall stack summary:\n\n[use]\nl2cap_bredr_sig_cmd\n  l2cap_connect\n  \u250c mutex_lock(\u0026conn-\u003echan_lock);\n  \u2502 chan = pchan-\u003eops-\u003enew_connection(pchan); \u003c- alloc chan\n  \u2502 __l2cap_chan_add(conn, chan);\n  \u2502   l2cap_chan_hold(chan);\n  \u2502   list_add(\u0026chan-\u003elist, \u0026conn-\u003echan_l);   ... (1)\n  \u2514 mutex_unlock(\u0026conn-\u003echan_lock);\n    chan-\u003econf_state              ... (4) \u003c- use after free\n\n[free]\nl2cap_conn_del\n\u250c mutex_lock(\u0026conn-\u003echan_lock);\n\u2502 foreach chan in conn-\u003echan_l:            ... (2)\n\u2502   l2cap_chan_put(chan);\n\u2502     l2cap_chan_destroy\n\u2502       kfree(chan)               ... (3) \u003c- chan freed\n\u2514 mutex_unlock(\u0026conn-\u003echan_lock);\n\n==================================================================\nBUG: KASAN: slab-use-after-free in instrument_atomic_read\ninclude/linux/instrumented.h:68 [inline]\nBUG: KASAN: slab-use-after-free in _test_bit\ninclude/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\nBUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0\nnet/bluetooth/l2cap_core.c:4260\nRead of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:15:38.405Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cfe560c7050bfb37b0d2491bbe7cd8b59e77fdc5"
        },
        {
          "url": "https://git.kernel.org/stable/c/826af9d2f69567c646ff46d10393d47e30ad23c6"
        },
        {
          "url": "https://git.kernel.org/stable/c/4d7b41c0e43995b0e992b9f8903109275744b658"
        }
      ],
      "title": "Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36013",
    "datePublished": "2024-05-23T07:03:07.571Z",
    "dateReserved": "2024-05-17T13:50:33.153Z",
    "dateUpdated": "2026-05-11T20:15:38.405Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36014 (GCVE-0-2024-36014)

Vulnerability from cvelistv5 – Published: 2024-05-29 06:06 – Updated: 2026-05-11 20:15

Title

drm/arm/malidp: fix a possible null pointer dereference

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/arm/malidp: fix a possible null pointer dereference In malidp_mw_connector_reset, new memory is allocated with kzalloc, but no check is performed. In order to prevent null pointer dereferencing, ensure that mw_state is checked before calling __drm_atomic_helper_connector_reset.

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

Assigner

Linux

References

10 references

URL	Tags
https://git.kernel.org/stable/c/b6cc5dd06336ed8bb…
https://git.kernel.org/stable/c/565d9ad7e5a18eb69…
https://git.kernel.org/stable/c/a5fa5b40a278a3ca9…
https://git.kernel.org/stable/c/3e54d4e9512064121…
https://git.kernel.org/stable/c/e4b52d49383306ef7…
https://git.kernel.org/stable/c/335cc45ef2b81b68b…
https://git.kernel.org/stable/c/b77620730f614059d…
https://git.kernel.org/stable/c/93f76ec1eddce60db…
https://git.kernel.org/stable/c/a1f95aede6285dba6…
https://lists.debian.org/debian-lts-announce/2024…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 8cbc5caf36ef7a299b5cbedf55f27fd898d700bf , < b6cc5dd06336ed8bb3a7a1fc5aaf7d5e88bc0818 (git) Affected: 8cbc5caf36ef7a299b5cbedf55f27fd898d700bf , < 565d9ad7e5a18eb69ed8b66a9e9bb3f45346520c (git) Affected: 8cbc5caf36ef7a299b5cbedf55f27fd898d700bf , < a5fa5b40a278a3ca978fed64707bd27614adb1eb (git) Affected: 8cbc5caf36ef7a299b5cbedf55f27fd898d700bf , < 3e54d4e95120641216dfe91a6c49f116a9f68490 (git) Affected: 8cbc5caf36ef7a299b5cbedf55f27fd898d700bf , < e4b52d49383306ef73fd1bd9102538beebb0fe07 (git) Affected: 8cbc5caf36ef7a299b5cbedf55f27fd898d700bf , < 335cc45ef2b81b68be63c698b4f867a530bdf7a5 (git) Affected: 8cbc5caf36ef7a299b5cbedf55f27fd898d700bf , < b77620730f614059db2470e8ebab3e725280fc6d (git) Affected: 8cbc5caf36ef7a299b5cbedf55f27fd898d700bf , < 93f76ec1eddce60dbb5885cbc0d7df54adee4639 (git) Affected: 8cbc5caf36ef7a299b5cbedf55f27fd898d700bf , < a1f95aede6285dba6dd036d907196f35ae3a11ea (git)
Linux	Linux	Affected: 4.19 Unaffected: 0 , < 4.19 (semver) Unaffected: 4.19.316 , ≤ 4.19.* (semver) Unaffected: 5.4.278 , ≤ 5.4.* (semver) Unaffected: 5.10.219 , ≤ 5.10.* (semver) Unaffected: 5.15.161 , ≤ 5.15.* (semver) Unaffected: 6.1.93 , ≤ 6.1.* (semver) Unaffected: 6.6.33 , ≤ 6.6.* (semver) Unaffected: 6.8.12 , ≤ 6.8.* (semver) Unaffected: 6.9.3 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36014",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-13T20:39:41.355184Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-13T20:39:53.091Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:20:54.977Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b6cc5dd06336ed8bb3a7a1fc5aaf7d5e88bc0818"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/565d9ad7e5a18eb69ed8b66a9e9bb3f45346520c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a5fa5b40a278a3ca978fed64707bd27614adb1eb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3e54d4e95120641216dfe91a6c49f116a9f68490"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e4b52d49383306ef73fd1bd9102538beebb0fe07"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/335cc45ef2b81b68be63c698b4f867a530bdf7a5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b77620730f614059db2470e8ebab3e725280fc6d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/93f76ec1eddce60dbb5885cbc0d7df54adee4639"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a1f95aede6285dba6dd036d907196f35ae3a11ea"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/arm/malidp_mw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b6cc5dd06336ed8bb3a7a1fc5aaf7d5e88bc0818",
              "status": "affected",
              "version": "8cbc5caf36ef7a299b5cbedf55f27fd898d700bf",
              "versionType": "git"
            },
            {
              "lessThan": "565d9ad7e5a18eb69ed8b66a9e9bb3f45346520c",
              "status": "affected",
              "version": "8cbc5caf36ef7a299b5cbedf55f27fd898d700bf",
              "versionType": "git"
            },
            {
              "lessThan": "a5fa5b40a278a3ca978fed64707bd27614adb1eb",
              "status": "affected",
              "version": "8cbc5caf36ef7a299b5cbedf55f27fd898d700bf",
              "versionType": "git"
            },
            {
              "lessThan": "3e54d4e95120641216dfe91a6c49f116a9f68490",
              "status": "affected",
              "version": "8cbc5caf36ef7a299b5cbedf55f27fd898d700bf",
              "versionType": "git"
            },
            {
              "lessThan": "e4b52d49383306ef73fd1bd9102538beebb0fe07",
              "status": "affected",
              "version": "8cbc5caf36ef7a299b5cbedf55f27fd898d700bf",
              "versionType": "git"
            },
            {
              "lessThan": "335cc45ef2b81b68be63c698b4f867a530bdf7a5",
              "status": "affected",
              "version": "8cbc5caf36ef7a299b5cbedf55f27fd898d700bf",
              "versionType": "git"
            },
            {
              "lessThan": "b77620730f614059db2470e8ebab3e725280fc6d",
              "status": "affected",
              "version": "8cbc5caf36ef7a299b5cbedf55f27fd898d700bf",
              "versionType": "git"
            },
            {
              "lessThan": "93f76ec1eddce60dbb5885cbc0d7df54adee4639",
              "status": "affected",
              "version": "8cbc5caf36ef7a299b5cbedf55f27fd898d700bf",
              "versionType": "git"
            },
            {
              "lessThan": "a1f95aede6285dba6dd036d907196f35ae3a11ea",
              "status": "affected",
              "version": "8cbc5caf36ef7a299b5cbedf55f27fd898d700bf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/arm/malidp_mw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.19"
            },
            {
              "lessThan": "4.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.316",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.278",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.12",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.3",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/arm/malidp: fix a possible null pointer dereference\n\nIn malidp_mw_connector_reset, new memory is allocated with kzalloc, but\nno check is performed. In order to prevent null pointer dereferencing,\nensure that mw_state is checked before calling\n__drm_atomic_helper_connector_reset."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:15:39.552Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b6cc5dd06336ed8bb3a7a1fc5aaf7d5e88bc0818"
        },
        {
          "url": "https://git.kernel.org/stable/c/565d9ad7e5a18eb69ed8b66a9e9bb3f45346520c"
        },
        {
          "url": "https://git.kernel.org/stable/c/a5fa5b40a278a3ca978fed64707bd27614adb1eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/3e54d4e95120641216dfe91a6c49f116a9f68490"
        },
        {
          "url": "https://git.kernel.org/stable/c/e4b52d49383306ef73fd1bd9102538beebb0fe07"
        },
        {
          "url": "https://git.kernel.org/stable/c/335cc45ef2b81b68be63c698b4f867a530bdf7a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/b77620730f614059db2470e8ebab3e725280fc6d"
        },
        {
          "url": "https://git.kernel.org/stable/c/93f76ec1eddce60dbb5885cbc0d7df54adee4639"
        },
        {
          "url": "https://git.kernel.org/stable/c/a1f95aede6285dba6dd036d907196f35ae3a11ea"
        }
      ],
      "title": "drm/arm/malidp: fix a possible null pointer dereference",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36014",
    "datePublished": "2024-05-29T06:06:25.631Z",
    "dateReserved": "2024-05-17T13:50:33.153Z",
    "dateUpdated": "2026-05-11T20:15:39.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2024-AVI-0694

Solutions

CVE-2024-36003 (GCVE-0-2024-36003)

CVE-2024-36004 (GCVE-0-2024-36004)

CVE-2024-36005 (GCVE-0-2024-36005)

CVE-2024-36006 (GCVE-0-2024-36006)

CVE-2024-36007 (GCVE-0-2024-36007)

CVE-2024-36009 (GCVE-0-2024-36009)

CVE-2024-36011 (GCVE-0-2024-36011)

CVE-2024-36012 (GCVE-0-2024-36012)

CVE-2024-36013 (GCVE-0-2024-36013)

CVE-2024-36014 (GCVE-0-2024-36014)

Tags

Sightings

Nomenclature