CVE-2024-36886 (GCVE-0-2024-36886)

Vulnerability from cvelistv5 – Published: 2024-05-30 15:28 – Updated: 2026-05-11 20:16
VLAI
Title
tipc: fix UAF in error path
Summary
In the Linux kernel, the following vulnerability has been resolved: tipc: fix UAF in error path Sam Page (sam4k) working with Trend Micro Zero Day Initiative reported a UAF in the tipc_buf_append() error path: BUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:1183 Read of size 8 at addr ffff88804d2a7c80 by task poc/8034 CPU: 1 PID: 8034 Comm: poc Not tainted 6.8.2 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014 Call Trace: <IRQ> __dump_stack linux/lib/dump_stack.c:88 dump_stack_lvl+0xd9/0x1b0 linux/lib/dump_stack.c:106 print_address_description linux/mm/kasan/report.c:377 print_report+0xc4/0x620 linux/mm/kasan/report.c:488 kasan_report+0xda/0x110 linux/mm/kasan/report.c:601 kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:1183 skb_release_data+0x5af/0x880 linux/net/core/skbuff.c:1026 skb_release_all linux/net/core/skbuff.c:1094 __kfree_skb linux/net/core/skbuff.c:1108 kfree_skb_reason+0x12d/0x210 linux/net/core/skbuff.c:1144 kfree_skb linux/./include/linux/skbuff.h:1244 tipc_buf_append+0x425/0xb50 linux/net/tipc/msg.c:186 tipc_link_input+0x224/0x7c0 linux/net/tipc/link.c:1324 tipc_link_rcv+0x76e/0x2d70 linux/net/tipc/link.c:1824 tipc_rcv+0x45f/0x10f0 linux/net/tipc/node.c:2159 tipc_udp_recv+0x73b/0x8f0 linux/net/tipc/udp_media.c:390 udp_queue_rcv_one_skb+0xad2/0x1850 linux/net/ipv4/udp.c:2108 udp_queue_rcv_skb+0x131/0xb00 linux/net/ipv4/udp.c:2186 udp_unicast_rcv_skb+0x165/0x3b0 linux/net/ipv4/udp.c:2346 __udp4_lib_rcv+0x2594/0x3400 linux/net/ipv4/udp.c:2422 ip_protocol_deliver_rcu+0x30c/0x4e0 linux/net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x2e4/0x520 linux/net/ipv4/ip_input.c:233 NF_HOOK linux/./include/linux/netfilter.h:314 NF_HOOK linux/./include/linux/netfilter.h:308 ip_local_deliver+0x18e/0x1f0 linux/net/ipv4/ip_input.c:254 dst_input linux/./include/net/dst.h:461 ip_rcv_finish linux/net/ipv4/ip_input.c:449 NF_HOOK linux/./include/linux/netfilter.h:314 NF_HOOK linux/./include/linux/netfilter.h:308 ip_rcv+0x2c5/0x5d0 linux/net/ipv4/ip_input.c:569 __netif_receive_skb_one_core+0x199/0x1e0 linux/net/core/dev.c:5534 __netif_receive_skb+0x1f/0x1c0 linux/net/core/dev.c:5648 process_backlog+0x101/0x6b0 linux/net/core/dev.c:5976 __napi_poll.constprop.0+0xba/0x550 linux/net/core/dev.c:6576 napi_poll linux/net/core/dev.c:6645 net_rx_action+0x95a/0xe90 linux/net/core/dev.c:6781 __do_softirq+0x21f/0x8e7 linux/kernel/softirq.c:553 do_softirq linux/kernel/softirq.c:454 do_softirq+0xb2/0xf0 linux/kernel/softirq.c:441 </IRQ> <TASK> __local_bh_enable_ip+0x100/0x120 linux/kernel/softirq.c:381 local_bh_enable linux/./include/linux/bottom_half.h:33 rcu_read_unlock_bh linux/./include/linux/rcupdate.h:851 __dev_queue_xmit+0x871/0x3ee0 linux/net/core/dev.c:4378 dev_queue_xmit linux/./include/linux/netdevice.h:3169 neigh_hh_output linux/./include/net/neighbour.h:526 neigh_output linux/./include/net/neighbour.h:540 ip_finish_output2+0x169f/0x2550 linux/net/ipv4/ip_output.c:235 __ip_finish_output linux/net/ipv4/ip_output.c:313 __ip_finish_output+0x49e/0x950 linux/net/ipv4/ip_output.c:295 ip_finish_output+0x31/0x310 linux/net/ipv4/ip_output.c:323 NF_HOOK_COND linux/./include/linux/netfilter.h:303 ip_output+0x13b/0x2a0 linux/net/ipv4/ip_output.c:433 dst_output linux/./include/net/dst.h:451 ip_local_out linux/net/ipv4/ip_output.c:129 ip_send_skb+0x3e5/0x560 linux/net/ipv4/ip_output.c:1492 udp_send_skb+0x73f/0x1530 linux/net/ipv4/udp.c:963 udp_sendmsg+0x1a36/0x2b40 linux/net/ipv4/udp.c:1250 inet_sendmsg+0x105/0x140 linux/net/ipv4/af_inet.c:850 sock_sendmsg_nosec linux/net/socket.c:730 __sock_sendmsg linux/net/socket.c:745 __sys_sendto+0x42c/0x4e0 linux/net/socket.c:2191 __do_sys_sendto linux/net/socket.c:2203 __se_sys_sendto linux/net/socket.c:2199 __x64_sys_sendto+0xe0/0x1c0 linux/net/socket.c:2199 do_syscall_x64 linux/arch/x86/entry/common.c:52 do_syscall_ ---truncated---
Severity
8.1 (High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 1149557d64c97dc9adf3103347a1c0e8c06d3b89 , < e19ec8ab0e25bc4803d7cc91c84e84532e2781bd (git)
Affected: 1149557d64c97dc9adf3103347a1c0e8c06d3b89 , < 93bc2d6d16f2c3178736ba6b845b30475856dc40 (git)
Affected: 1149557d64c97dc9adf3103347a1c0e8c06d3b89 , < 367766ff9e407f8a68409b7ce4dc4d5a72afeab1 (git)
Affected: 1149557d64c97dc9adf3103347a1c0e8c06d3b89 , < 66116556076f0b96bc1aa9844008c743c8c67684 (git)
Affected: 1149557d64c97dc9adf3103347a1c0e8c06d3b89 , < 21ea04aad8a0839b4ec27ef1691ca480620e8e14 (git)
Affected: 1149557d64c97dc9adf3103347a1c0e8c06d3b89 , < ffd4917c1edb3c3ff334fce3704fbe9c39f35682 (git)
Affected: 1149557d64c97dc9adf3103347a1c0e8c06d3b89 , < a0fbb26f8247e326a320e2cb4395bfb234332c90 (git)
Affected: 1149557d64c97dc9adf3103347a1c0e8c06d3b89 , < 080cbb890286cd794f1ee788bbc5463e2deb7c2b (git)
Create a notification for this product.
Linux Linux Affected: 4.1
Unaffected: 0 , < 4.1 (semver)
Unaffected: 4.19.314 , ≤ 4.19.* (semver)
Unaffected: 5.4.276 , ≤ 5.4.* (semver)
Unaffected: 5.10.217 , ≤ 5.10.* (semver)
Unaffected: 5.15.159 , ≤ 5.15.* (semver)
Unaffected: 6.1.91 , ≤ 6.1.* (semver)
Unaffected: 6.6.31 , ≤ 6.6.* (semver)
Unaffected: 6.8.10 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)
Create a notification for this product.
linux linux_kernel Affected: 4.1
    cpe:2.3:o:linux:linux_kernel:4.1:-:*:*:*:*:*:*
 Create a notification for this product.
linux linux_kernel Affected: 1149557d64c9 , < e19ec8ab0e25 (custom)
Affected: 1149557d64c9 , < 93bc2d6d16f2 (custom)
Affected: 1149557d64c9 , < 367766ff9e40 (custom)
Affected: 1149557d64c9 , < 66116556076f (custom)
Affected: 1149557d64c9 , < 21ea04aad8a0 (custom)
Affected: 1149557d64c9 , < ffd4917c1edb (custom)
Affected: 1149557d64c9 , < a0fbb26f8247 (custom)
Affected: 1149557d64c9 , < 080cbb890286 (custom)
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:4.1:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "4.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "e19ec8ab0e25",
                "status": "affected",
                "version": "1149557d64c9",
                "versionType": "custom"
              },
              {
                "lessThan": "93bc2d6d16f2",
                "status": "affected",
                "version": "1149557d64c9",
                "versionType": "custom"
              },
              {
                "lessThan": "367766ff9e40",
                "status": "affected",
                "version": "1149557d64c9",
                "versionType": "custom"
              },
              {
                "lessThan": "66116556076f",
                "status": "affected",
                "version": "1149557d64c9",
                "versionType": "custom"
              },
              {
                "lessThan": "21ea04aad8a0",
                "status": "affected",
                "version": "1149557d64c9",
                "versionType": "custom"
              },
              {
                "lessThan": "ffd4917c1edb",
                "status": "affected",
                "version": "1149557d64c9",
                "versionType": "custom"
              },
              {
                "lessThan": "a0fbb26f8247",
                "status": "affected",
                "version": "1149557d64c9",
                "versionType": "custom"
              },
              {
                "lessThan": "080cbb890286",
                "status": "affected",
                "version": "1149557d64c9",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-36886",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-22T03:55:33.064938Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-24T12:40:50.587Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-10-18T13:07:39.609Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e19ec8ab0e25bc4803d7cc91c84e84532e2781bd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/93bc2d6d16f2c3178736ba6b845b30475856dc40"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/367766ff9e407f8a68409b7ce4dc4d5a72afeab1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/66116556076f0b96bc1aa9844008c743c8c67684"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/21ea04aad8a0839b4ec27ef1691ca480620e8e14"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ffd4917c1edb3c3ff334fce3704fbe9c39f35682"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a0fbb26f8247e326a320e2cb4395bfb234332c90"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/080cbb890286cd794f1ee788bbc5463e2deb7c2b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241018-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/tipc/msg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e19ec8ab0e25bc4803d7cc91c84e84532e2781bd",
              "status": "affected",
              "version": "1149557d64c97dc9adf3103347a1c0e8c06d3b89",
              "versionType": "git"
            },
            {
              "lessThan": "93bc2d6d16f2c3178736ba6b845b30475856dc40",
              "status": "affected",
              "version": "1149557d64c97dc9adf3103347a1c0e8c06d3b89",
              "versionType": "git"
            },
            {
              "lessThan": "367766ff9e407f8a68409b7ce4dc4d5a72afeab1",
              "status": "affected",
              "version": "1149557d64c97dc9adf3103347a1c0e8c06d3b89",
              "versionType": "git"
            },
            {
              "lessThan": "66116556076f0b96bc1aa9844008c743c8c67684",
              "status": "affected",
              "version": "1149557d64c97dc9adf3103347a1c0e8c06d3b89",
              "versionType": "git"
            },
            {
              "lessThan": "21ea04aad8a0839b4ec27ef1691ca480620e8e14",
              "status": "affected",
              "version": "1149557d64c97dc9adf3103347a1c0e8c06d3b89",
              "versionType": "git"
            },
            {
              "lessThan": "ffd4917c1edb3c3ff334fce3704fbe9c39f35682",
              "status": "affected",
              "version": "1149557d64c97dc9adf3103347a1c0e8c06d3b89",
              "versionType": "git"
            },
            {
              "lessThan": "a0fbb26f8247e326a320e2cb4395bfb234332c90",
              "status": "affected",
              "version": "1149557d64c97dc9adf3103347a1c0e8c06d3b89",
              "versionType": "git"
            },
            {
              "lessThan": "080cbb890286cd794f1ee788bbc5463e2deb7c2b",
              "status": "affected",
              "version": "1149557d64c97dc9adf3103347a1c0e8c06d3b89",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/tipc/msg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "lessThan": "4.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.314",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.217",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.314",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.276",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.217",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.159",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.91",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.31",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix UAF in error path\n\nSam Page (sam4k) working with Trend Micro Zero Day Initiative reported\na UAF in the tipc_buf_append() error path:\n\nBUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0\nlinux/net/core/skbuff.c:1183\nRead of size 8 at addr ffff88804d2a7c80 by task poc/8034\n\nCPU: 1 PID: 8034 Comm: poc Not tainted 6.8.2 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.0-debian-1.16.0-5 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack linux/lib/dump_stack.c:88\n dump_stack_lvl+0xd9/0x1b0 linux/lib/dump_stack.c:106\n print_address_description linux/mm/kasan/report.c:377\n print_report+0xc4/0x620 linux/mm/kasan/report.c:488\n kasan_report+0xda/0x110 linux/mm/kasan/report.c:601\n kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:1183\n skb_release_data+0x5af/0x880 linux/net/core/skbuff.c:1026\n skb_release_all linux/net/core/skbuff.c:1094\n __kfree_skb linux/net/core/skbuff.c:1108\n kfree_skb_reason+0x12d/0x210 linux/net/core/skbuff.c:1144\n kfree_skb linux/./include/linux/skbuff.h:1244\n tipc_buf_append+0x425/0xb50 linux/net/tipc/msg.c:186\n tipc_link_input+0x224/0x7c0 linux/net/tipc/link.c:1324\n tipc_link_rcv+0x76e/0x2d70 linux/net/tipc/link.c:1824\n tipc_rcv+0x45f/0x10f0 linux/net/tipc/node.c:2159\n tipc_udp_recv+0x73b/0x8f0 linux/net/tipc/udp_media.c:390\n udp_queue_rcv_one_skb+0xad2/0x1850 linux/net/ipv4/udp.c:2108\n udp_queue_rcv_skb+0x131/0xb00 linux/net/ipv4/udp.c:2186\n udp_unicast_rcv_skb+0x165/0x3b0 linux/net/ipv4/udp.c:2346\n __udp4_lib_rcv+0x2594/0x3400 linux/net/ipv4/udp.c:2422\n ip_protocol_deliver_rcu+0x30c/0x4e0 linux/net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x2e4/0x520 linux/net/ipv4/ip_input.c:233\n NF_HOOK linux/./include/linux/netfilter.h:314\n NF_HOOK linux/./include/linux/netfilter.h:308\n ip_local_deliver+0x18e/0x1f0 linux/net/ipv4/ip_input.c:254\n dst_input linux/./include/net/dst.h:461\n ip_rcv_finish linux/net/ipv4/ip_input.c:449\n NF_HOOK linux/./include/linux/netfilter.h:314\n NF_HOOK linux/./include/linux/netfilter.h:308\n ip_rcv+0x2c5/0x5d0 linux/net/ipv4/ip_input.c:569\n __netif_receive_skb_one_core+0x199/0x1e0 linux/net/core/dev.c:5534\n __netif_receive_skb+0x1f/0x1c0 linux/net/core/dev.c:5648\n process_backlog+0x101/0x6b0 linux/net/core/dev.c:5976\n __napi_poll.constprop.0+0xba/0x550 linux/net/core/dev.c:6576\n napi_poll linux/net/core/dev.c:6645\n net_rx_action+0x95a/0xe90 linux/net/core/dev.c:6781\n __do_softirq+0x21f/0x8e7 linux/kernel/softirq.c:553\n do_softirq linux/kernel/softirq.c:454\n do_softirq+0xb2/0xf0 linux/kernel/softirq.c:441\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0x100/0x120 linux/kernel/softirq.c:381\n local_bh_enable linux/./include/linux/bottom_half.h:33\n rcu_read_unlock_bh linux/./include/linux/rcupdate.h:851\n __dev_queue_xmit+0x871/0x3ee0 linux/net/core/dev.c:4378\n dev_queue_xmit linux/./include/linux/netdevice.h:3169\n neigh_hh_output linux/./include/net/neighbour.h:526\n neigh_output linux/./include/net/neighbour.h:540\n ip_finish_output2+0x169f/0x2550 linux/net/ipv4/ip_output.c:235\n __ip_finish_output linux/net/ipv4/ip_output.c:313\n __ip_finish_output+0x49e/0x950 linux/net/ipv4/ip_output.c:295\n ip_finish_output+0x31/0x310 linux/net/ipv4/ip_output.c:323\n NF_HOOK_COND linux/./include/linux/netfilter.h:303\n ip_output+0x13b/0x2a0 linux/net/ipv4/ip_output.c:433\n dst_output linux/./include/net/dst.h:451\n ip_local_out linux/net/ipv4/ip_output.c:129\n ip_send_skb+0x3e5/0x560 linux/net/ipv4/ip_output.c:1492\n udp_send_skb+0x73f/0x1530 linux/net/ipv4/udp.c:963\n udp_sendmsg+0x1a36/0x2b40 linux/net/ipv4/udp.c:1250\n inet_sendmsg+0x105/0x140 linux/net/ipv4/af_inet.c:850\n sock_sendmsg_nosec linux/net/socket.c:730\n __sock_sendmsg linux/net/socket.c:745\n __sys_sendto+0x42c/0x4e0 linux/net/socket.c:2191\n __do_sys_sendto linux/net/socket.c:2203\n __se_sys_sendto linux/net/socket.c:2199\n __x64_sys_sendto+0xe0/0x1c0 linux/net/socket.c:2199\n do_syscall_x64 linux/arch/x86/entry/common.c:52\n do_syscall_\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:16:23.394Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e19ec8ab0e25bc4803d7cc91c84e84532e2781bd"
        },
        {
          "url": "https://git.kernel.org/stable/c/93bc2d6d16f2c3178736ba6b845b30475856dc40"
        },
        {
          "url": "https://git.kernel.org/stable/c/367766ff9e407f8a68409b7ce4dc4d5a72afeab1"
        },
        {
          "url": "https://git.kernel.org/stable/c/66116556076f0b96bc1aa9844008c743c8c67684"
        },
        {
          "url": "https://git.kernel.org/stable/c/21ea04aad8a0839b4ec27ef1691ca480620e8e14"
        },
        {
          "url": "https://git.kernel.org/stable/c/ffd4917c1edb3c3ff334fce3704fbe9c39f35682"
        },
        {
          "url": "https://git.kernel.org/stable/c/a0fbb26f8247e326a320e2cb4395bfb234332c90"
        },
        {
          "url": "https://git.kernel.org/stable/c/080cbb890286cd794f1ee788bbc5463e2deb7c2b"
        }
      ],
      "title": "tipc: fix UAF in error path",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36886",
    "datePublished": "2024-05-30T15:28:55.059Z",
    "dateReserved": "2024-05-30T15:25:07.065Z",
    "dateUpdated": "2026-05-11T20:16:23.394Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-36886",
      "date": "2026-06-07",
      "epss": "0.00301",
      "percentile": "0.53799"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-36886\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-30T16:15:12.150\",\"lastModified\":\"2026-01-22T20:24:06.567\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntipc: fix UAF in error path\\n\\nSam Page (sam4k) working with Trend Micro Zero Day Initiative reported\\na UAF in the tipc_buf_append() error path:\\n\\nBUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0\\nlinux/net/core/skbuff.c:1183\\nRead of size 8 at addr ffff88804d2a7c80 by task poc/8034\\n\\nCPU: 1 PID: 8034 Comm: poc Not tainted 6.8.2 #1\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\\n1.16.0-debian-1.16.0-5 04/01/2014\\nCall Trace:\\n \u003cIRQ\u003e\\n __dump_stack linux/lib/dump_stack.c:88\\n dump_stack_lvl+0xd9/0x1b0 linux/lib/dump_stack.c:106\\n print_address_description linux/mm/kasan/report.c:377\\n print_report+0xc4/0x620 linux/mm/kasan/report.c:488\\n kasan_report+0xda/0x110 linux/mm/kasan/report.c:601\\n kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:1183\\n skb_release_data+0x5af/0x880 linux/net/core/skbuff.c:1026\\n skb_release_all linux/net/core/skbuff.c:1094\\n __kfree_skb linux/net/core/skbuff.c:1108\\n kfree_skb_reason+0x12d/0x210 linux/net/core/skbuff.c:1144\\n kfree_skb linux/./include/linux/skbuff.h:1244\\n tipc_buf_append+0x425/0xb50 linux/net/tipc/msg.c:186\\n tipc_link_input+0x224/0x7c0 linux/net/tipc/link.c:1324\\n tipc_link_rcv+0x76e/0x2d70 linux/net/tipc/link.c:1824\\n tipc_rcv+0x45f/0x10f0 linux/net/tipc/node.c:2159\\n tipc_udp_recv+0x73b/0x8f0 linux/net/tipc/udp_media.c:390\\n udp_queue_rcv_one_skb+0xad2/0x1850 linux/net/ipv4/udp.c:2108\\n udp_queue_rcv_skb+0x131/0xb00 linux/net/ipv4/udp.c:2186\\n udp_unicast_rcv_skb+0x165/0x3b0 linux/net/ipv4/udp.c:2346\\n __udp4_lib_rcv+0x2594/0x3400 linux/net/ipv4/udp.c:2422\\n ip_protocol_deliver_rcu+0x30c/0x4e0 linux/net/ipv4/ip_input.c:205\\n ip_local_deliver_finish+0x2e4/0x520 linux/net/ipv4/ip_input.c:233\\n NF_HOOK linux/./include/linux/netfilter.h:314\\n NF_HOOK linux/./include/linux/netfilter.h:308\\n ip_local_deliver+0x18e/0x1f0 linux/net/ipv4/ip_input.c:254\\n dst_input linux/./include/net/dst.h:461\\n ip_rcv_finish linux/net/ipv4/ip_input.c:449\\n NF_HOOK linux/./include/linux/netfilter.h:314\\n NF_HOOK linux/./include/linux/netfilter.h:308\\n ip_rcv+0x2c5/0x5d0 linux/net/ipv4/ip_input.c:569\\n __netif_receive_skb_one_core+0x199/0x1e0 linux/net/core/dev.c:5534\\n __netif_receive_skb+0x1f/0x1c0 linux/net/core/dev.c:5648\\n process_backlog+0x101/0x6b0 linux/net/core/dev.c:5976\\n __napi_poll.constprop.0+0xba/0x550 linux/net/core/dev.c:6576\\n napi_poll linux/net/core/dev.c:6645\\n net_rx_action+0x95a/0xe90 linux/net/core/dev.c:6781\\n __do_softirq+0x21f/0x8e7 linux/kernel/softirq.c:553\\n do_softirq linux/kernel/softirq.c:454\\n do_softirq+0xb2/0xf0 linux/kernel/softirq.c:441\\n \u003c/IRQ\u003e\\n \u003cTASK\u003e\\n __local_bh_enable_ip+0x100/0x120 linux/kernel/softirq.c:381\\n local_bh_enable linux/./include/linux/bottom_half.h:33\\n rcu_read_unlock_bh linux/./include/linux/rcupdate.h:851\\n __dev_queue_xmit+0x871/0x3ee0 linux/net/core/dev.c:4378\\n dev_queue_xmit linux/./include/linux/netdevice.h:3169\\n neigh_hh_output linux/./include/net/neighbour.h:526\\n neigh_output linux/./include/net/neighbour.h:540\\n ip_finish_output2+0x169f/0x2550 linux/net/ipv4/ip_output.c:235\\n __ip_finish_output linux/net/ipv4/ip_output.c:313\\n __ip_finish_output+0x49e/0x950 linux/net/ipv4/ip_output.c:295\\n ip_finish_output+0x31/0x310 linux/net/ipv4/ip_output.c:323\\n NF_HOOK_COND linux/./include/linux/netfilter.h:303\\n ip_output+0x13b/0x2a0 linux/net/ipv4/ip_output.c:433\\n dst_output linux/./include/net/dst.h:451\\n ip_local_out linux/net/ipv4/ip_output.c:129\\n ip_send_skb+0x3e5/0x560 linux/net/ipv4/ip_output.c:1492\\n udp_send_skb+0x73f/0x1530 linux/net/ipv4/udp.c:963\\n udp_sendmsg+0x1a36/0x2b40 linux/net/ipv4/udp.c:1250\\n inet_sendmsg+0x105/0x140 linux/net/ipv4/af_inet.c:850\\n sock_sendmsg_nosec linux/net/socket.c:730\\n __sock_sendmsg linux/net/socket.c:745\\n __sys_sendto+0x42c/0x4e0 linux/net/socket.c:2191\\n __do_sys_sendto linux/net/socket.c:2203\\n __se_sys_sendto linux/net/socket.c:2199\\n __x64_sys_sendto+0xe0/0x1c0 linux/net/socket.c:2199\\n do_syscall_x64 linux/arch/x86/entry/common.c:52\\n do_syscall_\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: tipc: corrija UAF en la ruta de error Sam Page (sam4k), que trabaja con Trend Micro Zero Day Initiative, inform\u00f3 un UAF en la ruta de error tipc_buf_append(): ERROR: KASAN: slab-use- after-free en kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:1183 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff88804d2a7c80 por tarea poc/8034 CPU: 1 PID: 8034 Comm: poc Not tainted 6.8.2 #1 Nombre de hardware : PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 01/04/2014 Seguimiento de llamadas:  __dump_stack linux/lib/dump_stack.c:88 dump_stack_lvl+0xd9/0x1b0 linux/lib/dump_stack.c:106 print_address_description linux/mm/kasan/report.c:377 print_report+0xc4/0x620 linux/mm/kasan/report.c:488 kasan_report+0xda/0x110 linux/mm/kasan/report. c:601 kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:1183 skb_release_data+0x5af/0x880 linux/net/core/skbuff.c:1026 skb_release_all linux/net/core/skbuff.c:1094 __kfree_skb linux/ net/core/skbuff.c:1108 kfree_skb_reason+0x12d/0x210 linux/net/core/skbuff.c:1144 kfree_skb linux/./include/linux/skbuff.h:1244 tipc_buf_append+0x425/0xb50 linux/net/tipc/ msg.c:186 tipc_link_input+0x224/0x7c0 linux/net/tipc/link.c:1324 tipc_link_rcv+0x76e/0x2d70 linux/net/tipc/link.c:1824 tipc_rcv+0x45f/0x10f0 linux/net/tipc/node. c:2159 tipc_udp_recv+0x73b/0x8f0 linux/net/tipc/udp_media.c:390 udp_queue_rcv_one_skb+0xad2/0x1850 linux/net/ipv4/udp.c:2108 udp_queue_rcv_skb+0x131/0xb00 4/udp.c: 2186 udp_unicast_rcv_skb+0x165/0x3b0 linux/net/ipv4/udp.c:2346 __udp4_lib_rcv+0x2594/0x3400 linux/net/ipv4/udp.c:2422 ip_protocol_deliver_rcu+0x30c/0x4e0 4/ip_input.c:205 ip_local_deliver_finish +0x2e4/0x520 linux/net/ipv4/ip_input.c:233 NF_HOOK linux/./include/linux/netfilter.h:314 NF_HOOK linux/./include/linux/netfilter.h:308 ip_local_deliver+0x18e/0x1f0 linux/ net/ipv4/ip_input.c:254 dst_input linux/./include/net/dst.h:461 ip_rcv_finish linux/net/ipv4/ip_input.c:449 NF_HOOK linux/./include/linux/netfilter.h:314 NF_HOOK linux/./include/linux/netfilter.h:308 ip_rcv+0x2c5/0x5d0 linux/net/ipv4/ip_input.c:569 __netif_receive_skb_one_core+0x199/0x1e0 linux/net/core/dev.c:5534 __netif_receive_skb+0x1f/0x1c 0 linux/net/core/dev.c:5648 Process_backlog+0x101/0x6b0 linux/net/core/dev.c:5976 __napi_poll.constprop.0+0xba/0x550 linux/net/core/dev.c:6576 napi_poll linux/ net/core/dev.c:6645 net_rx_action+0x95a/0xe90 linux/net/core/dev.c:6781 __do_softirq+0x21f/0x8e7 linux/kernel/softirq.c:553 do_softirq linux/kernel/softirq.c:454 do_softirq +0xb2/0xf0 linux/kernel/softirq.c:441   __local_bh_enable_ip+0x100/0x120 linux/kernel/softirq.c:381 local_bh_enable linux/./include/linux/bottom_half.h:33 rcu_read_unlock_bh linux /./include/linux/rcupdate.h:851 __dev_queue_xmit+0x871/0x3ee0 linux/net/core/dev.c:4378 dev_queue_xmit linux/./include/linux/netdevice.h:3169 neigh_hh_output linux/./include/net /neighbour.h:526 neigh_output linux/./include/net/neighbour.h:540 ip_finish_output2+0x169f/0x2550 linux/net/ipv4/ip_output.c:235 __ip_finish_output linux/net/ipv4/ip_output.c:313 __ip_finish_output+ 0x49e/0x950 linux/net/ipv4/ip_output.c:295 ip_finish_output+0x31/0x310 linux/net/ipv4/ip_output.c:323 NF_HOOK_COND linux/./include/linux/netfilter.h:303 ip_output+0x13b/0x2a0 linux /net/ipv4/ip_output.c:433 dst_output linux/./include/net/dst.h:451 ip_local_out linux/net/ipv4/ip_output.c:129 ip_send_skb+0x3e5/0x560 linux/net/ipv4/ip_output.c :1492 udp_send_skb+0x73f/0x1530 linux/net/ipv4/udp.c:963 udp_sendmsg+0x1a36/0x2b40 linux/net/ipv4/udp.c:1250 inet_sendmsg+0x105/0x140 :850 sock_sendmsg_nosec linux/net/socket.c:730 __sock_sendmsg linux/net/socket.c:745 __sys_sendto+0x42c/0x4e0 linux/net/socket.c:2191 __do_sys_sendto linux/net/socket.c:2203 __se_sys_sendto linux/red/socket .c:2199 __x64_sys_sendto+0xe0/0x1c0 linux/net/socket.c:2199 do_syscall_x64 linux/arch/x86/entry/common.c:52 do_syscall_ ---truncado---\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1\",\"versionEndExcluding\":\"4.19.314\",\"matchCriteriaId\":\"3C818C46-09EF-4DF1-840F-906C40E651DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.276\",\"matchCriteriaId\":\"126C6EEC-8874-4233-AE09-634924FCDDF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.217\",\"matchCriteriaId\":\"AC67C71C-2044-40BA-B590-61E562F69F89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.159\",\"matchCriteriaId\":\"F16678CD-F7C6-4BF6-ABA8-E7600857197B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.91\",\"matchCriteriaId\":\"4F8C886C-75AA-469B-A6A9-12BF1A29C0D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.31\",\"matchCriteriaId\":\"CDDB1F69-36AC-41C1-9192-E7CCEF5FFC00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.8.10\",\"matchCriteriaId\":\"6A6B920C-8D8F-4130-86B4-AD334F4CF2E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"22BEDD49-2C6D-402D-9DBF-6646F6ECD10B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"52048DDA-FC5A-4363-95A0-A6357B4D7F8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"A06B2CCF-3F43-4FA9-8773-C83C3F5764B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"F850DCEC-E08B-4317-A33B-D2DCF39F601B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.9:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"91326417-E981-482E-A5A3-28BC1327521B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/080cbb890286cd794f1ee788bbc5463e2deb7c2b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/21ea04aad8a0839b4ec27ef1691ca480620e8e14\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/367766ff9e407f8a68409b7ce4dc4d5a72afeab1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/66116556076f0b96bc1aa9844008c743c8c67684\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/93bc2d6d16f2c3178736ba6b845b30475856dc40\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a0fbb26f8247e326a320e2cb4395bfb234332c90\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e19ec8ab0e25bc4803d7cc91c84e84532e2781bd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ffd4917c1edb3c3ff334fce3704fbe9c39f35682\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/080cbb890286cd794f1ee788bbc5463e2deb7c2b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/21ea04aad8a0839b4ec27ef1691ca480620e8e14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/367766ff9e407f8a68409b7ce4dc4d5a72afeab1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/66116556076f0b96bc1aa9844008c743c8c67684\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/93bc2d6d16f2c3178736ba6b845b30475856dc40\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a0fbb26f8247e326a320e2cb4395bfb234332c90\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e19ec8ab0e25bc4803d7cc91c84e84532e2781bd\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ffd4917c1edb3c3ff334fce3704fbe9c39f35682\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20241018-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/e19ec8ab0e25bc4803d7cc91c84e84532e2781bd\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/93bc2d6d16f2c3178736ba6b845b30475856dc40\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/367766ff9e407f8a68409b7ce4dc4d5a72afeab1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/66116556076f0b96bc1aa9844008c743c8c67684\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/21ea04aad8a0839b4ec27ef1691ca480620e8e14\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/ffd4917c1edb3c3ff334fce3704fbe9c39f35682\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/a0fbb26f8247e326a320e2cb4395bfb234332c90\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/080cbb890286cd794f1ee788bbc5463e2deb7c2b\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20241018-0002/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-10-18T13:07:39.609Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-36886\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-22T03:55:33.064938Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:linux:linux_kernel:4.1:-:*:*:*:*:*:*\"], \"vendor\": \"linux\", \"product\": \"linux_kernel\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.1\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\"], \"vendor\": \"linux\", \"product\": \"linux_kernel\", \"versions\": [{\"status\": \"affected\", \"version\": \"1149557d64c9\", \"lessThan\": \"e19ec8ab0e25\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1149557d64c9\", \"lessThan\": \"93bc2d6d16f2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1149557d64c9\", \"lessThan\": \"367766ff9e40\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1149557d64c9\", \"lessThan\": \"66116556076f\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1149557d64c9\", \"lessThan\": \"21ea04aad8a0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1149557d64c9\", \"lessThan\": \"ffd4917c1edb\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1149557d64c9\", \"lessThan\": \"a0fbb26f8247\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1149557d64c9\", \"lessThan\": \"080cbb890286\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-24T12:35:43.683Z\"}}], \"cna\": {\"title\": \"tipc: fix UAF in error path\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"1149557d64c9\", \"lessThan\": \"e19ec8ab0e25\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1149557d64c9\", \"lessThan\": \"93bc2d6d16f2\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1149557d64c9\", \"lessThan\": \"367766ff9e40\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1149557d64c9\", \"lessThan\": \"66116556076f\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1149557d64c9\", \"lessThan\": \"21ea04aad8a0\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1149557d64c9\", \"lessThan\": \"ffd4917c1edb\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1149557d64c9\", \"lessThan\": \"a0fbb26f8247\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1149557d64c9\", \"lessThan\": \"080cbb890286\", \"versionType\": \"git\"}], \"programFiles\": [\"net/tipc/msg.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.1\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"4.1\", \"versionType\": \"custom\"}, {\"status\": \"unaffected\", \"version\": \"4.19.314\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.276\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.217\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.159\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.91\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.31\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.8.10\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.8.*\"}, {\"status\": \"unaffected\", \"version\": \"6.9\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"net/tipc/msg.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/e19ec8ab0e25bc4803d7cc91c84e84532e2781bd\"}, {\"url\": \"https://git.kernel.org/stable/c/93bc2d6d16f2c3178736ba6b845b30475856dc40\"}, {\"url\": \"https://git.kernel.org/stable/c/367766ff9e407f8a68409b7ce4dc4d5a72afeab1\"}, {\"url\": \"https://git.kernel.org/stable/c/66116556076f0b96bc1aa9844008c743c8c67684\"}, {\"url\": \"https://git.kernel.org/stable/c/21ea04aad8a0839b4ec27ef1691ca480620e8e14\"}, {\"url\": \"https://git.kernel.org/stable/c/ffd4917c1edb3c3ff334fce3704fbe9c39f35682\"}, {\"url\": \"https://git.kernel.org/stable/c/a0fbb26f8247e326a320e2cb4395bfb234332c90\"}, {\"url\": \"https://git.kernel.org/stable/c/080cbb890286cd794f1ee788bbc5463e2deb7c2b\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html\"}], \"x_generator\": {\"engine\": \"bippy-a5840b7849dd\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntipc: fix UAF in error path\\n\\nSam Page (sam4k) working with Trend Micro Zero Day Initiative reported\\na UAF in the tipc_buf_append() error path:\\n\\nBUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0\\nlinux/net/core/skbuff.c:1183\\nRead of size 8 at addr ffff88804d2a7c80 by task poc/8034\\n\\nCPU: 1 PID: 8034 Comm: poc Not tainted 6.8.2 #1\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\\n1.16.0-debian-1.16.0-5 04/01/2014\\nCall Trace:\\n \u003cIRQ\u003e\\n __dump_stack linux/lib/dump_stack.c:88\\n dump_stack_lvl+0xd9/0x1b0 linux/lib/dump_stack.c:106\\n print_address_description linux/mm/kasan/report.c:377\\n print_report+0xc4/0x620 linux/mm/kasan/report.c:488\\n kasan_report+0xda/0x110 linux/mm/kasan/report.c:601\\n kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:1183\\n skb_release_data+0x5af/0x880 linux/net/core/skbuff.c:1026\\n skb_release_all linux/net/core/skbuff.c:1094\\n __kfree_skb linux/net/core/skbuff.c:1108\\n kfree_skb_reason+0x12d/0x210 linux/net/core/skbuff.c:1144\\n kfree_skb linux/./include/linux/skbuff.h:1244\\n tipc_buf_append+0x425/0xb50 linux/net/tipc/msg.c:186\\n tipc_link_input+0x224/0x7c0 linux/net/tipc/link.c:1324\\n tipc_link_rcv+0x76e/0x2d70 linux/net/tipc/link.c:1824\\n tipc_rcv+0x45f/0x10f0 linux/net/tipc/node.c:2159\\n tipc_udp_recv+0x73b/0x8f0 linux/net/tipc/udp_media.c:390\\n udp_queue_rcv_one_skb+0xad2/0x1850 linux/net/ipv4/udp.c:2108\\n udp_queue_rcv_skb+0x131/0xb00 linux/net/ipv4/udp.c:2186\\n udp_unicast_rcv_skb+0x165/0x3b0 linux/net/ipv4/udp.c:2346\\n __udp4_lib_rcv+0x2594/0x3400 linux/net/ipv4/udp.c:2422\\n ip_protocol_deliver_rcu+0x30c/0x4e0 linux/net/ipv4/ip_input.c:205\\n ip_local_deliver_finish+0x2e4/0x520 linux/net/ipv4/ip_input.c:233\\n NF_HOOK linux/./include/linux/netfilter.h:314\\n NF_HOOK linux/./include/linux/netfilter.h:308\\n ip_local_deliver+0x18e/0x1f0 linux/net/ipv4/ip_input.c:254\\n dst_input linux/./include/net/dst.h:461\\n ip_rcv_finish linux/net/ipv4/ip_input.c:449\\n NF_HOOK linux/./include/linux/netfilter.h:314\\n NF_HOOK linux/./include/linux/netfilter.h:308\\n ip_rcv+0x2c5/0x5d0 linux/net/ipv4/ip_input.c:569\\n __netif_receive_skb_one_core+0x199/0x1e0 linux/net/core/dev.c:5534\\n __netif_receive_skb+0x1f/0x1c0 linux/net/core/dev.c:5648\\n process_backlog+0x101/0x6b0 linux/net/core/dev.c:5976\\n __napi_poll.constprop.0+0xba/0x550 linux/net/core/dev.c:6576\\n napi_poll linux/net/core/dev.c:6645\\n net_rx_action+0x95a/0xe90 linux/net/core/dev.c:6781\\n __do_softirq+0x21f/0x8e7 linux/kernel/softirq.c:553\\n do_softirq linux/kernel/softirq.c:454\\n do_softirq+0xb2/0xf0 linux/kernel/softirq.c:441\\n \u003c/IRQ\u003e\\n \u003cTASK\u003e\\n __local_bh_enable_ip+0x100/0x120 linux/kernel/softirq.c:381\\n local_bh_enable linux/./include/linux/bottom_half.h:33\\n rcu_read_unlock_bh linux/./include/linux/rcupdate.h:851\\n __dev_queue_xmit+0x871/0x3ee0 linux/net/core/dev.c:4378\\n dev_queue_xmit linux/./include/linux/netdevice.h:3169\\n neigh_hh_output linux/./include/net/neighbour.h:526\\n neigh_output linux/./include/net/neighbour.h:540\\n ip_finish_output2+0x169f/0x2550 linux/net/ipv4/ip_output.c:235\\n __ip_finish_output linux/net/ipv4/ip_output.c:313\\n __ip_finish_output+0x49e/0x950 linux/net/ipv4/ip_output.c:295\\n ip_finish_output+0x31/0x310 linux/net/ipv4/ip_output.c:323\\n NF_HOOK_COND linux/./include/linux/netfilter.h:303\\n ip_output+0x13b/0x2a0 linux/net/ipv4/ip_output.c:433\\n dst_output linux/./include/net/dst.h:451\\n ip_local_out linux/net/ipv4/ip_output.c:129\\n ip_send_skb+0x3e5/0x560 linux/net/ipv4/ip_output.c:1492\\n udp_send_skb+0x73f/0x1530 linux/net/ipv4/udp.c:963\\n udp_sendmsg+0x1a36/0x2b40 linux/net/ipv4/udp.c:1250\\n inet_sendmsg+0x105/0x140 linux/net/ipv4/af_inet.c:850\\n sock_sendmsg_nosec linux/net/socket.c:730\\n __sock_sendmsg linux/net/socket.c:745\\n __sys_sendto+0x42c/0x4e0 linux/net/socket.c:2191\\n __do_sys_sendto linux/net/socket.c:2203\\n __se_sys_sendto linux/net/socket.c:2199\\n __x64_sys_sendto+0xe0/0x1c0 linux/net/socket.c:2199\\n do_syscall_x64 linux/arch/x86/entry/common.c:52\\n do_syscall_\\n---truncated---\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2024-05-30T15:28:55.059Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-36886\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-18T13:07:39.609Z\", \"dateReserved\": \"2024-05-30T15:25:07.065Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-05-30T15:28:55.059Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.