THREATINT
PUBLISHED

CVE-2024-44986

ipv6: fix possible UAF in ip6_finish_output2()



Assigner: Linux
Reserved: 2024-08-21
Published: 2024-09-04
Updated: 2024-09-15

Description

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix possible UAF in ip6_finish_output2()

If skb_expand_head() returns NULL, skb has been freed and associated dst/idev could also have been freed.

We need to hold rcu_read_lock() to make sure the dst and associated idev are alive.

Product status


5796015fa968 before e891b36de161: affected
5796015fa968 before 3574d28caf9a: affected
5796015fa968 before 6ab6bf731354: affected
5796015fa968 before 56efc2531967: affected
5796015fa968 before da273b377ae0: affected


5.14: affected
Any version before 5.14: unaffected
5.15.166: unaffected
6.1.107: unaffected
6.6.48: unaffected
6.10.7: unaffected
6.11: unaffected

References

https://git.kernel.org/stable/c/e891b36de161fcd96f12ff83667473e5067b9037

https://git.kernel.org/stable/c/3574d28caf9a09756ae87ad1ea096c6f47b6101e

https://git.kernel.org/stable/c/6ab6bf731354a6fdbaa617d1ec194960db61cf3b

https://git.kernel.org/stable/c/56efc253196751ece1fc535a5b582be127b0578a

https://git.kernel.org/stable/c/da273b377ae0d9bd255281ed3c2adb228321687b

cve.org CVE-2024-44986

nvd.nist.gov CVE-2024-44986
