CVE-2024-36903
ipv6: Fix potential uninit-value access in __ip6_make_skb()
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
ipv6: Fix potential uninit-value access in __ip6_make_skb()
As it was done in commit fc1092f51567 ("ipv4: Fix uninit-value access in
__ip_make_skb()") for IPv4, check FLOWI_FLAG_KNOWN_NH on fl6->flowi6_flags
instead of testing HDRINCL on the socket to avoid a race condition which
causes uninit-value access.
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ipv6: corrige el posible acceso a valores uninit en __ip6_make_skb() Como se hizo en el commit fc1092f51567 ("ipv4: corrige el acceso a valores uninit en __ip_make_skb()") para IPv4, verifique FLOWI_FLAG_KNOWN_NH en fl6->flowi6_flags en lugar de probar HDRINCL en el socket para evitar una condición de ejecución que provoque acceso a valores uninit.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-05-30 CVE Reserved
- 2024-05-30 CVE Published
- 2024-05-31 EPSS Updated
- 2024-11-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/ea30388baebcce37fd594d425a65037ca35e59e8 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/165370522cc48127da564a08584a7391e6341908 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/f394f690a30a5ec0413c62777a058eaf3d6e10d5 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/0cf600ca1bdf1d52df977516ee6cee0cadb1f6b1 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/605b056d63302ae84eb136e88d4df49124bd5e0d | Vuln. Introduced | |
| https://git.kernel.org/stable/c/d65ff2fe877c471aa6e79efa7bd8ff66e147c317 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/2c9cefc142c1dc2759e19a92d3b2b3715e985beb | Vuln. Introduced | |
| https://git.kernel.org/stable/c/02ed5700f40445af02d1c97db25ffc2d04971d9f | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-36903 | 2024-08-15 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2284543 | 2024-08-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.3 < 6.6.31 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.6.31" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.3 < 6.8.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.8.10" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.3 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.9" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.14.313 Search vendor "Linux" for product "Linux Kernel" and version "4.14.313" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.19.281 Search vendor "Linux" for product "Linux Kernel" and version "4.19.281" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.4.241 Search vendor "Linux" for product "Linux Kernel" and version "5.4.241" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.10.178 Search vendor "Linux" for product "Linux Kernel" and version "5.10.178" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.15.107 Search vendor "Linux" for product "Linux Kernel" and version "5.15.107" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.1.24 Search vendor "Linux" for product "Linux Kernel" and version "6.1.24" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.2.11 Search vendor "Linux" for product "Linux Kernel" and version "6.2.11" | en |
Affected
| ||||||