CVE-2024-36903

Published: May 30, 2024Modified: Jan 19, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix potential uninit-value access in __ip6_make_skb() As it was done in commit fc1092f51567 ("ipv4: Fix uninit-value access in __ip_make_skb()") for IPv4, check FLOWI_FLAG_KNOWN_NH on fl6->flowi6_flags instead of testing HDRINCL on the socket to avoid a race condition which causes uninit-value access.

Affected (15)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 4.14.313 to 4.15
Linux Linux Kernel	From 4.19.281 to 4.20
Linux Linux Kernel	From 5.10.178 to 5.11
Linux Linux Kernel	From 5.15.107 to 5.16
Linux Linux Kernel	From 5.4.241 to 5.5
Linux Linux Kernel	From 6.1.24 to 6.2
Linux Linux Kernel	From 6.2.11 to 6.6.31
Linux Linux Kernel	From 6.7 to 6.8.10
Linux Linux Kernel	Version 6.9 rc1
Linux Linux Kernel	Version 6.9 rc2
Linux Linux Kernel	Version 6.9 rc3
Linux Linux Kernel	Version 6.9 rc4
Linux Linux Kernel	Version 6.9 rc5
Linux Linux Kernel	Version 6.9 rc6
Linux Linux Kernel	Version 6.9 rc7