In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note that sk_dst_reset(sk) is implementing this protocol correctly, while __dst_negative_advice() uses the wrong order. Given that ip6_negative_advice() has special logic against RTF_CACHE, this means each of the three ->negative_advice() existing methods must perform the sk_dst_reset() themselves. Note the check against NULL dst is centralized in __dst_negative_advice(), there is no need to duplicate it in various callbacks. Many thanks to Clement Lecigne for tracking this issue. This old bug became visible after the blamed commit, using UDP sockets.
History

Tue, 05 Nov 2024 10:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:linux:linux_kernel:4.19.316:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.10.219:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15.161:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.4.278:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1.94:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.6.34:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9.4:*:*:*:*:*:*:*
Metrics kev

{'dateAdded': '2024-08-07'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 26 Aug 2024 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:rhel_e4s:9.0

Thu, 22 Aug 2024 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.13::el9
cpe:/a:redhat:openshift:4.14::el9
cpe:/a:redhat:openshift:4.15::el9

Tue, 20 Aug 2024 22:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.16::el9

Mon, 19 Aug 2024 22:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift
CPEs cpe:/a:redhat:openshift:4.12::el8
cpe:/o:redhat:rhel_eus:9.2
Vendors & Products Redhat openshift

Fri, 16 Aug 2024 18:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_eus:9.2::nfv
cpe:/o:redhat:enterprise_linux:9
cpe:/o:redhat:rhel_aus:8.2

Wed, 14 Aug 2024 01:15:00 +0000

Type Values Removed Values Added
References

Tue, 13 Aug 2024 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Els
Redhat rhel Eus
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_tus:8.4::nfv
cpe:/o:redhat:rhel_aus:7.7
cpe:/o:redhat:rhel_aus:8.4
cpe:/o:redhat:rhel_aus:8.6
cpe:/o:redhat:rhel_e4s:8.4
cpe:/o:redhat:rhel_e4s:8.6
cpe:/o:redhat:rhel_els:7
cpe:/o:redhat:rhel_eus:8.8
cpe:/o:redhat:rhel_tus:8.4
cpe:/o:redhat:rhel_tus:8.6
Vendors & Products Redhat rhel Aus
Redhat rhel Els
Redhat rhel Eus
Redhat rhel Tus

Tue, 13 Aug 2024 06:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.0::nfv
Vendors & Products Redhat rhel E4s

Thu, 08 Aug 2024 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:8::nfv
cpe:/o:redhat:enterprise_linux:8
Vendors & Products Redhat
Redhat enterprise Linux

Thu, 08 Aug 2024 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:linux:linux_kernel:6.10.0:rc1:*:*:*:*:*:*

Wed, 07 Aug 2024 22:45:00 +0000

Type Values Removed Values Added
Metrics threat_severity

Moderate

threat_severity

Important


cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-06-10T09:03:23.878Z

Updated: 2024-12-19T09:03:35.286Z

Reserved: 2024-05-30T15:25:07.082Z

Link: CVE-2024-36971

cve-icon Vulnrichment

Updated: 2024-08-02T03:43:50.464Z

cve-icon NVD

Status : Modified

Published: 2024-06-10T09:15:09.127

Modified: 2024-11-21T09:22:56.410

Link: CVE-2024-36971

cve-icon Redhat

Severity : Important

Publid Date: 2024-06-10T00:00:00Z

Links: CVE-2024-36971 - Bugzilla