5.5

CVE-2024-36946

phonet: fix rtm_phonet_notify() skb allocation

In the Linux kernel, the following vulnerability has been resolved:

phonet: fix rtm_phonet_notify() skb allocation

fill_route() stores three components in the skb:

- struct rtmsg
- RTA_DST (u8)
- RTA_OIF (u32)

Therefore, rtm_phonet_notify() should use

NLMSG_ALIGN(sizeof(struct rtmsg)) +
nla_total_size(1) +
nla_total_size(4)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.33 < 4.19.314
LinuxLinux Kernel Version >= 4.20 < 5.4.276
LinuxLinux Kernel Version >= 5.5 < 5.10.217
LinuxLinux Kernel Version >= 5.11 < 5.15.159
LinuxLinux Kernel Version >= 5.16 < 6.1.91
LinuxLinux Kernel Version >= 6.2 < 6.6.31
LinuxLinux Kernel Version >= 6.7 < 6.8.10
LinuxLinux Kernel Version6.9 Updaterc1
LinuxLinux Kernel Version6.9 Updaterc2
LinuxLinux Kernel Version6.9 Updaterc3
LinuxLinux Kernel Version6.9 Updaterc4
LinuxLinux Kernel Version6.9 Updaterc5
LinuxLinux Kernel Version6.9 Updaterc6
LinuxLinux Kernel Version6.9 Updaterc7
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.177
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
Third Party Advisory
https://git.kernel.org/stable/c/4ff334cade9dae50e4be387f71e94fae634aa9b4
Patch
https://git.kernel.org/stable/c/728a83160f98ee6b60df0d890141b9b7240182fe
Patch
https://git.kernel.org/stable/c/9a77226440008cf04ba68faf641a2d50f4998137
Patch
https://git.kernel.org/stable/c/d8cac8568618dcb8a51af3db1103e8d4cc4aeea7
Patch
https://git.kernel.org/stable/c/dc6beac059f0331de97155a89d84058d4a9e49c7
Patch
https://git.kernel.org/stable/c/ec1f71c05caeba0f814df77e0f511d8b4618623a
Patch
https://git.kernel.org/stable/c/ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00
Patch
https://git.kernel.org/stable/c/f085e02f0a32f6dfcfabc6535c9c4a1707cef86b
Patch
https://security.netapp.com/advisory/ntap-20241004-0002/
Third Party Advisory