5.5

CVE-2024-36903

ipv6: Fix potential uninit-value access in __ip6_make_skb()

In the Linux kernel, the following vulnerability has been resolved:

ipv6: Fix potential uninit-value access in __ip6_make_skb()

As it was done in commit fc1092f51567 ("ipv4: Fix uninit-value access in
__ip_make_skb()") for IPv4, check FLOWI_FLAG_KNOWN_NH on fl6->flowi6_flags
instead of testing HDRINCL on the socket to avoid a race condition which
causes uninit-value access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.14.313 < 4.15
LinuxLinux Kernel Version >= 4.19.281 < 4.20
LinuxLinux Kernel Version >= 5.4.241 < 5.5
LinuxLinux Kernel Version >= 5.10.178 < 5.11
LinuxLinux Kernel Version >= 5.15.107 < 5.16
LinuxLinux Kernel Version >= 6.1.24 < 6.2
LinuxLinux Kernel Version >= 6.2.11 < 6.6.31
LinuxLinux Kernel Version >= 6.7 < 6.8.10
LinuxLinux Kernel Version6.9 Updaterc1
LinuxLinux Kernel Version6.9 Updaterc2
LinuxLinux Kernel Version6.9 Updaterc3
LinuxLinux Kernel Version6.9 Updaterc4
LinuxLinux Kernel Version6.9 Updaterc5
LinuxLinux Kernel Version6.9 Updaterc6
LinuxLinux Kernel Version6.9 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.135
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://git.kernel.org/stable/c/2367bf254f3a27ecc6e229afd7a8b0a1395f7be3
Patch
https://git.kernel.org/stable/c/4e13d3a9c25b7080f8a619f961e943fe08c2672c
Patch
https://git.kernel.org/stable/c/68c8ba16ab712eb709c6bab80ff151079d11d97a
Patch
https://git.kernel.org/stable/c/a05c1ede50e9656f0752e523c7b54f3a3489e9a8
https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html
https://git.kernel.org/stable/c/40e5444a3ac315b60e94d82226b73cd82145d09e
https://git.kernel.org/stable/c/59d74c843ebf46264c7903726cf6f2673a93b07a