CVE-2024-36031
keys: Fix overwrite of key expiration on instantiation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
keys: Fix overwrite of key expiration on instantiation
The expiry time of a key is unconditionally overwritten during
instantiation, defaulting to turn it permanent. This causes a problem
for DNS resolution as the expiration set by user-space is overwritten to
TIME64_MAX, disabling further DNS updates. Fix this by restoring the
condition that key_set_expiry is only called when the pre-parser sets a
specific expiry.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: claves: se corrige la sobrescritura de la caducidad de la clave al crear instancias. El tiempo de caducidad de una clave se sobrescribe incondicionalmente durante la creación de instancias, y de forma predeterminada se vuelve permanente. Esto causa un problema para la resolución de DNS ya que la caducidad establecida por el espacio de usuario se sobrescribe en TIME64_MAX, lo que deshabilita más actualizaciones de DNS. Solucione este problema restaurando la condición de que key_set_expiry solo se llama cuando el analizador previo establece una caducidad específica.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-05-17 CVE Reserved
- 2024-05-30 CVE Published
- 2024-05-31 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-324: Use of a Key Past its Expiration Date
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/97be1e865e70e5a0ad0a5b5f5dca5031ca0b53ac | Vuln. Introduced | |
| https://git.kernel.org/stable/c/2552b32b0b349df160a509fe49f5f308cb922f2b | Vuln. Introduced | |
| https://git.kernel.org/stable/c/791d5409cdb974c31a1bc7a903ea729ddc7d83df | Vuln. Introduced | |
| https://git.kernel.org/stable/c/afc360e8a1256acb7579a6f5b6f2c30b85b39301 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/39299bdd2546688d92ed9db4948f6219ca1b9542 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.10.206 < 5.10.217 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.206 < 5.10.217" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15.146 < 5.15.159 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.146 < 5.15.159" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.1.70 < 6.1.91 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.70 < 6.1.91" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.6.9 < 6.6.31 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.9 < 6.6.31" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.7 < 6.8.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.8.10" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.7 < 6.9.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.9.1" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.7 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.10" | en |
Affected
| ||||||