CVE-2024-36954

tipc: fix a possible memleak in tipc_buf_append

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: tipc: fix a possible memleak in tipc_buf_append __skb_linearize() doesn't free the skb when it fails, so move
'*buf = NULL' after __skb_linearize(), so that the skb can be
freed on the err path.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tipc: soluciona un posible memleak en tipc_buf_append __skb_linearize() no libera el skb cuando falla, así que mueve '*buf = NULL' después de __skb_linearize(), para que el skb se puede liberar en la ruta de error.

In the Linux kernel, the following vulnerability has been resolved: tipc: fix a possible memleak in tipc_buf_append __skb_linearize() doesn't free the skb when it fails, so move '*buf = NULL' after __skb_linearize(), so that the skb can be freed on the err path.

Benedict SchlÃ¼ter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-30 CVE Reserved
2024-05-30 CVE Published
2024-12-19 CVE Updated
2025-03-26 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')

CAPEC

References (20)

URL	Tag	Source
https://git.kernel.org/stable/c/4b1761898861117c97066aea6c58f68a7787f0bf	Vuln. Introduced
https://git.kernel.org/stable/c/64d17ec9f1ded042c4b188d15734f33486ed9966	Vuln. Introduced
https://git.kernel.org/stable/c/6da24cfc83ba4f97ea44fc7ae9999a006101755c	Vuln. Introduced
https://git.kernel.org/stable/c/b7df21cf1b79ab7026f545e7bf837bd5750ac026	Vuln. Introduced
https://git.kernel.org/stable/c/b2c8d28c34b3070407cb1741f9ba3f15d0284b8b	Vuln. Introduced
https://git.kernel.org/stable/c/5489f30bb78ff0dafb4229a69632afc2ba20765c	Vuln. Introduced
https://git.kernel.org/stable/c/436d650d374329a591c30339a91fa5078052ed1e	Vuln. Introduced
https://git.kernel.org/stable/c/ace300eecbccaa698e2b472843c74a5f33f7dce8	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/01cd1b7b685751ee422d00d050292a3d277652d6	2024-05-17
https://git.kernel.org/stable/c/2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae	2024-05-17
https://git.kernel.org/stable/c/adbce6d20da6254c86425a8d4359b221b5ccbccd	2024-05-17
https://git.kernel.org/stable/c/42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c	2024-05-17
https://git.kernel.org/stable/c/d03a82f4f8144befdc10518e732e2a60b34c870e	2024-05-17
https://git.kernel.org/stable/c/614c5a5ae45a921595952117b2e2bd4d4bf9b574	2024-05-17
https://git.kernel.org/stable/c/3210d34fda4caff212cb53729e6bd46de604d565	2024-05-17
https://git.kernel.org/stable/c/97bf6f81b29a8efaf5d0983251a7450e5794370d	2024-05-02

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-36954	2025-02-19
https://bugzilla.redhat.com/show_bug.cgi?id=2284590	2025-02-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.193 < 4.19.314 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.193 < 4.19.314"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.124 < 5.4.276 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.124 < 5.4.276"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.42 < 5.10.217 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.42 < 5.10.217"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 5.15.159 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 5.15.159"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 6.1.91 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.1.91"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 6.6.31 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.6.31"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 6.8.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.8.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.4.271 Search vendor "Linux" for product "Linux Kernel" and version "4.4.271"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.9.271 Search vendor "Linux" for product "Linux Kernel" and version "4.9.271"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.14.235 Search vendor "Linux" for product "Linux Kernel" and version "4.14.235"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.12.9 Search vendor "Linux" for product "Linux Kernel" and version "5.12.9"		en		Affected