CVE-2024-44986

ipv6: fix possible UAF in ip6_finish_output2()

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix possible UAF in ip6_finish_output2()

If skb_expand_head() returns NULL, skb has been freed
and associated dst/idev could also have been freed.

We need to hold rcu_read_lock() to make sure the dst and
associated idev are alive.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-08-21 CVE Reserved
2024-09-04 CVE Published
2024-09-06 EPSS Updated
2024-09-15 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/5796015fa968a3349027a27dcd04c71d95c53ba5	Vuln. Introduced
https://git.kernel.org/stable/c/ded37d03440d0ab346a8287cc2ba88b8dc90ceb0	Vuln. Introduced
https://git.kernel.org/stable/c/2323690eb05865a657709f4d28eb9538ea97bfc2	Vuln. Introduced
https://git.kernel.org/stable/c/b34c668a867ffdcf8bd8db4a36512572e82b4a15	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/e891b36de161fcd96f12ff83667473e5067b9037	2024-09-04
https://git.kernel.org/stable/c/3574d28caf9a09756ae87ad1ea096c6f47b6101e	2024-08-29
https://git.kernel.org/stable/c/6ab6bf731354a6fdbaa617d1ec194960db61cf3b	2024-08-29
https://git.kernel.org/stable/c/56efc253196751ece1fc535a5b582be127b0578a	2024-08-29
https://git.kernel.org/stable/c/da273b377ae0d9bd255281ed3c2adb228321687b	2024-08-22

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 5.15.166 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 5.15.166"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.1.107 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.1.107"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.6.48 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.6.48"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.10.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.10.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.4.137 Search vendor "Linux" for product "Linux Kernel" and version "5.4.137"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.10.55 Search vendor "Linux" for product "Linux Kernel" and version "5.10.55"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.13.7 Search vendor "Linux" for product "Linux Kernel" and version "5.13.7"		en		Affected