CVE-2024-36971

CVSSv4: NA | CVSSv3: 7.8 | CVSSv2: NA | VMScore: 880 | EPSS: 0.00105 | KEV: Exploitation Reported
Published: 10/06/2024 Updated: 21/11/2024

Vulnerability Summary

In the Linux kernel, the following vulnerability has been resolved:

net: fix __dst_negative_advice() race

__dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF.

RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst).

Note that sk_dst_reset(sk) is implementing this protocol correctly, while __dst_negative_advice() uses the wrong order.

Given that ip6_negative_advice() has special logic against RTF_CACHE, this means each of the three ->negative_advice() existing methods must perform the sk_dst_reset() themselves.

Note the check against NULL dst is centralized in __dst_negative_advice(), there is no need to duplicate it in various callbacks.

Many thanks to Clement Lecigne for tracking this issue.

This old bug became visible after the blamed commit, using UDP sockets.

Vulnerable Product

linux linux kernel 4.6

linux linux kernel

linux linux kernel 4.19.316

linux linux kernel 5.4.278

linux linux kernel 5.10.219

linux linux kernel 5.15.161

linux linux kernel 6.1.94

linux linux kernel 6.6.34

linux linux kernel 6.9.4

linux linux kernel 6.10

linux linux

Vendor Advisories

LTS-120 is being updated in the LTS (Long Term Support) channel, version 12006099318 (Platform Version: 15662115), for most ChromeOS devices. Release notes for LTS-120 can be found here. Want to know more about Long-term Support? Click here. This update contains selective Security fixes, including: 339061099 High CVE-2024-5 ...
In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race (CVE-2024-36971) ...
In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race (CVE-2024-36971) In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized (CVE-2024-38619) In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_ ...

Recent Articles

CISA warns about actively exploited Apache OFBiz RCE flaw
BleepingComputer • Bill Toulas • 08 Aug 2024

The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. Apache OFBiz (Open For Business) is a popular open-source enterprise resource planning (ERP) system that provides a suite of business applications to manage various aspects of an organization. Due to its versatility and cost-effective...

Google fixes Android kernel zero-day exploited in targeted attacks
BleepingComputer • Sergiu Gatlan • 05 Aug 2024

Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) exploited in targeted attacks. The zero-day, tracked as CVE-2024-36971, is a use after free (UAF) weakness in the Linux kernel's network route management. It requires System execution privileges for successful exploitation and allows altering the behav...

Google splats device-hijacking exploited-in-the-wild Android kernel bug among others
The Register

And Qualcomm addresses 'permanent denial of service' flaw in its stuff

Google released 46 fixes for Android in its August security patch batch, including one for a Linux kernel flaw in the mobile OS that can lead to remote code execution (RCE). From the sounds of things, this hole has already been spotted and exploited by spyware slingers. This bug, tracked as CVE-2024-36971, is a use-after-free vulnerability in the networking stack that earned a high-severity 7.8-out-of-10 CVSS rating. Successful exploitation may lead to "remote code execution with System executi...