5.5
CVE-2024-36946
- EPSS 0.27%
- Veröffentlicht 30.05.2024 16:15:17
- Zuletzt bearbeitet 22.01.2026 20:03:40
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
phonet: fix rtm_phonet_notify() skb allocation
In the Linux kernel, the following vulnerability has been resolved: phonet: fix rtm_phonet_notify() skb allocation fill_route() stores three components in the skb: - struct rtmsg - RTA_DST (u8) - RTA_OIF (u32) Therefore, rtm_phonet_notify() should use NLMSG_ALIGN(sizeof(struct rtmsg)) + nla_total_size(1) + nla_total_size(4)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.33 < 4.19.314
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.276
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.217
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.159
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.91
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.31
Linux ≫ Linux Kernel Version >= 6.7 < 6.8.10
Linux ≫ Linux Kernel Version6.9 Updaterc1
Linux ≫ Linux Kernel Version6.9 Updaterc2
Linux ≫ Linux Kernel Version6.9 Updaterc3
Linux ≫ Linux Kernel Version6.9 Updaterc4
Linux ≫ Linux Kernel Version6.9 Updaterc5
Linux ≫ Linux Kernel Version6.9 Updaterc6
Linux ≫ Linux Kernel Version6.9 Updaterc7
Debian ≫ Debian Linux Version10.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.177 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
https://git.kernel.org/stable/c/4ff334cade9dae50e4be387f71e94fae634aa9b4
https://git.kernel.org/stable/c/728a83160f98ee6b60df0d890141b9b7240182fe
https://git.kernel.org/stable/c/9a77226440008cf04ba68faf641a2d50f4998137
https://git.kernel.org/stable/c/d8cac8568618dcb8a51af3db1103e8d4cc4aeea7
https://git.kernel.org/stable/c/dc6beac059f0331de97155a89d84058d4a9e49c7
https://git.kernel.org/stable/c/ec1f71c05caeba0f814df77e0f511d8b4618623a
https://git.kernel.org/stable/c/ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00
https://git.kernel.org/stable/c/f085e02f0a32f6dfcfabc6535c9c4a1707cef86b
https://security.netapp.com/advisory/ntap-20241004-0002/