CVE-2024-36946

Published: May 30, 2024Modified: Jan 22, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: phonet: fix rtm_phonet_notify() skb allocation fill_route() stores three components in the skb: - struct rtmsg - RTA_DST (u8) - RTA_OIF (u32) Therefore, rtm_phonet_notify() should use NLMSG_ALIGN(sizeof(struct rtmsg)) + nla_total_size(1) + nla_total_size(4)

Affected (15)

Products: Linux: Linux Kernel · Debian: Debian Linux

1 product

1 product

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 2.6.33 to 4.19.314
Linux Linux Kernel	From 4.20 to 5.4.276
Linux Linux Kernel	From 5.11 to 5.15.159
Linux Linux Kernel	From 5.16 to 6.1.91
Linux Linux Kernel	From 5.5 to 5.10.217
Linux Linux Kernel	From 6.2 to 6.6.31
Linux Linux Kernel	From 6.7 to 6.8.10
Linux Linux Kernel	Version 6.9 rc1
Linux Linux Kernel	Version 6.9 rc2
Linux Linux Kernel	Version 6.9 rc3
Linux Linux Kernel	Version 6.9 rc4
Linux Linux Kernel	Version 6.9 rc5
Linux Linux Kernel	Version 6.9 rc6
Linux Linux Kernel	Version 6.9 rc7

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (19)

https://git.kernel.org/stable/c/4ff334cade9dae50e4be387f71e94fae634aa9b4

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/728a83160f98ee6b60df0d890141b9b7240182fe

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/9a77226440008cf04ba68faf641a2d50f4998137

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/d8cac8568618dcb8a51af3db1103e8d4cc4aeea7

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/dc6beac059f0331de97155a89d84058d4a9e49c7

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/ec1f71c05caeba0f814df77e0f511d8b4618623a

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/f085e02f0a32f6dfcfabc6535c9c4a1707cef86b

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/4ff334cade9dae50e4be387f71e94fae634aa9b4

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/728a83160f98ee6b60df0d890141b9b7240182fe

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/9a77226440008cf04ba68faf641a2d50f4998137

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/d8cac8568618dcb8a51af3db1103e8d4cc4aeea7

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/dc6beac059f0331de97155a89d84058d4a9e49c7

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/ec1f71c05caeba0f814df77e0f511d8b4618623a

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/f085e02f0a32f6dfcfabc6535c9c4a1707cef86b

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20241004-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.