In the Linux kernel, the following vulnerability has been resolved:
ipv6: Fix potential uninit-value access in __ip6_make_skb()
As it was done in commit fc1092f51567 ("ipv4: Fix uninit-value access in
__ip_make_skb()") for IPv4, check FLOWI_FLAG_KNOWN_NH on fl6->flowi6_flags
instead of testing HDRINCL on the socket to avoid a race condition which
causes uninit-value access.
References
Configurations
Configuration 1 (hide)
|
History
03 Feb 2025, 15:48
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://git.kernel.org/stable/c/2367bf254f3a27ecc6e229afd7a8b0a1395f7be3 - Patch | |
| References | () https://git.kernel.org/stable/c/4e13d3a9c25b7080f8a619f961e943fe08c2672c - Patch | |
| References | () https://git.kernel.org/stable/c/68c8ba16ab712eb709c6bab80ff151079d11d97a - Patch | |
| CPE | cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.9:rc7:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.9:rc6:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:* |
|
| CWE | CWE-908 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
| First Time |
Linux linux Kernel
Linux |
Information
Published : 2024-05-30 16:15
Updated : 2025-02-03 15:48
NVD link : CVE-2024-36903
Mitre link : CVE-2024-36903
CVE.ORG link : CVE-2024-36903
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-908
Use of Uninitialized Resource