In the Linux kernel, the following vulnerability has been resolved:
ipv6: Fix potential uninit-value access in __ip6_make_skb()
As it was done in commit fc1092f51567 ("ipv4: Fix uninit-value access in
__ip_make_skb()") for IPv4, check FLOWI_FLAG_KNOWN_NH on fl6->flowi6_flags
instead of testing HDRINCL on the socket to avoid a race condition which
causes uninit-value access.
Metrics
Affected Vendors & Products
References
History
Fri, 16 Aug 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat enterprise Linux |
|
CPEs | cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux |
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-05-30T15:29:04.866Z
Updated: 2024-12-19T09:01:44.229Z
Reserved: 2024-05-30T15:25:07.066Z
Link: CVE-2024-36903
Vulnrichment
Updated: 2024-08-02T03:43:49.864Z
NVD
Status : Awaiting Analysis
Published: 2024-05-30T16:15:13.867
Modified: 2024-11-21T09:22:46.660
Link: CVE-2024-36903
Redhat