CVE-2024-36946

In the Linux kernel, the following vulnerability has been resolved:

phonet: fix rtm_phonet_notify() skb allocation

fill_route() stores three components in the skb:

- struct rtmsg
- RTA_DST (u8)
- RTA_OIF (u32)

Therefore, rtm_phonet_notify() should use

NLMSG_ALIGN(sizeof(struct rtmsg)) + nla_total_size(1) + nla_total_size(4)

References
Link Resource
https://git.kernel.org/stable/c/4ff334cade9dae50e4be387f71e94fae634aa9b4 Patch
https://git.kernel.org/stable/c/728a83160f98ee6b60df0d890141b9b7240182fe Patch
https://git.kernel.org/stable/c/9a77226440008cf04ba68faf641a2d50f4998137 Patch
https://git.kernel.org/stable/c/d8cac8568618dcb8a51af3db1103e8d4cc4aeea7 Patch
https://git.kernel.org/stable/c/dc6beac059f0331de97155a89d84058d4a9e49c7 Patch
https://git.kernel.org/stable/c/ec1f71c05caeba0f814df77e0f511d8b4618623a Patch
https://git.kernel.org/stable/c/ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00 Patch
https://git.kernel.org/stable/c/f085e02f0a32f6dfcfabc6535c9c4a1707cef86b Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html Third Party Advisory
https://security.netapp.com/advisory/ntap-20241004-0002/ Third Party Advisory
Configurations

Configuration 1

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc7:*:*:*:*:*:*

Configuration 2

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-05-30 16:15

Updated : 2026-01-22 20:03


NVD link : CVE-2024-36946

Mitre link : CVE-2024-36946

CVE.ORG link : CVE-2024-36946

Products Affected

debian

  • debian_linux

linux

  • linux_kernel
CWE
CWE-401

Missing Release of Memory after Effective Lifetime