CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
16.1%
In the Linux kernel, the following vulnerability has been resolved: tipc:
fix UAF in error path Sam Page (sam4k) working with Trend Micro Zero Day
Initiative reported a UAF in the tipc_buf_append() error path: BUG: KASAN:
slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0
linux/net/core/skbuff.c:1183 Read of size 8 at addr ffff88804d2a7c80 by
task poc/8034 CPU: 1 PID: 8034 Comm: poc Not tainted 6.8.2 #1 Hardware
name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5
04/01/2014 Call Trace: <IRQ> __dump_stack linux/lib/dump_stack.c:88
dump_stack_lvl+0xd9/0x1b0 linux/lib/dump_stack.c:106
print_address_description linux/mm/kasan/report.c:377
print_report+0xc4/0x620 linux/mm/kasan/report.c:488 kasan_report+0xda/0x110
linux/mm/kasan/report.c:601 kfree_skb_list_reason+0x47e/0x4c0
linux/net/core/skbuff.c:1183 skb_release_data+0x5af/0x880
linux/net/core/skbuff.c:1026 skb_release_all linux/net/core/skbuff.c:1094
__kfree_skb linux/net/core/skbuff.c:1108 kfree_skb_reason+0x12d/0x210
linux/net/core/skbuff.c:1144 kfree_skb linux/./include/linux/skbuff.h:1244
tipc_buf_append+0x425/0xb50 linux/net/tipc/msg.c:186
tipc_link_input+0x224/0x7c0 linux/net/tipc/link.c:1324
tipc_link_rcv+0x76e/0x2d70 linux/net/tipc/link.c:1824 tipc_rcv+0x45f/0x10f0
linux/net/tipc/node.c:2159 tipc_udp_recv+0x73b/0x8f0
linux/net/tipc/udp_media.c:390 udp_queue_rcv_one_skb+0xad2/0x1850
linux/net/ipv4/udp.c:2108 udp_queue_rcv_skb+0x131/0xb00
linux/net/ipv4/udp.c:2186 udp_unicast_rcv_skb+0x165/0x3b0
linux/net/ipv4/udp.c:2346 __udp4_lib_rcv+0x2594/0x3400
linux/net/ipv4/udp.c:2422 ip_protocol_deliver_rcu+0x30c/0x4e0
linux/net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x2e4/0x520
linux/net/ipv4/ip_input.c:233 NF_HOOK linux/./include/linux/netfilter.h:314
NF_HOOK linux/./include/linux/netfilter.h:308 ip_local_deliver+0x18e/0x1f0
linux/net/ipv4/ip_input.c:254 dst_input linux/./include/net/dst.h:461
ip_rcv_finish linux/net/ipv4/ip_input.c:449 NF_HOOK
linux/./include/linux/netfilter.h:314 NF_HOOK
linux/./include/linux/netfilter.h:308 ip_rcv+0x2c5/0x5d0
linux/net/ipv4/ip_input.c:569 __netif_receive_skb_one_core+0x199/0x1e0
linux/net/core/dev.c:5534 __netif_receive_skb+0x1f/0x1c0
linux/net/core/dev.c:5648 process_backlog+0x101/0x6b0
linux/net/core/dev.c:5976 __napi_poll.constprop.0+0xba/0x550
linux/net/core/dev.c:6576 napi_poll linux/net/core/dev.c:6645
net_rx_action+0x95a/0xe90 linux/net/core/dev.c:6781
__do_softirq+0x21f/0x8e7 linux/kernel/softirq.c:553 do_softirq
linux/kernel/softirq.c:454 do_softirq+0xb2/0xf0 linux/kernel/softirq.c:441
</IRQ> <TASK> __local_bh_enable_ip+0x100/0x120 linux/kernel/softirq.c:381
local_bh_enable linux/./include/linux/bottom_half.h:33 rcu_read_unlock_bh
linux/./include/linux/rcupdate.h:851 __dev_queue_xmit+0x871/0x3ee0
linux/net/core/dev.c:4378 dev_queue_xmit
linux/./include/linux/netdevice.h:3169 neigh_hh_output
linux/./include/net/neighbour.h:526 neigh_output
linux/./include/net/neighbour.h:540 ip_finish_output2+0x169f/0x2550
linux/net/ipv4/ip_output.c:235 __ip_finish_output
linux/net/ipv4/ip_output.c:313 __ip_finish_output+0x49e/0x950
linux/net/ipv4/ip_output.c:295 ip_finish_output+0x31/0x310
linux/net/ipv4/ip_output.c:323 NF_HOOK_COND
linux/./include/linux/netfilter.h:303 ip_output+0x13b/0x2a0
linux/net/ipv4/ip_output.c:433 dst_output linux/./include/net/dst.h:451
ip_local_out linux/net/ipv4/ip_output.c:129 ip_send_skb+0x3e5/0x560
linux/net/ipv4/ip_output.c:1492 udp_send_skb+0x73f/0x1530
linux/net/ipv4/udp.c:963 udp_sendmsg+0x1a36/0x2b40
linux/net/ipv4/udp.c:1250 inet_sendmsg+0x105/0x140
linux/net/ipv4/af_inet.c:850 sock_sendmsg_nosec linux/net/socket.c:730
__sock_sendmsg linux/net/socket.c:745 __sys_sendto+0x42c/0x4e0
linux/net/socket.c:2191 __do_sys_sendto linux/net/socket.c:2203
__se_sys_sendto linux/net/socket.c:2199 _x64_sys_sendto+0xe0/0x1c0
linux/net/socket.c:2199 do_syscall_x64 linux/arch/x86/entry/common.c:52
do_syscall —truncated—
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < any | UNKNOWN |
git.kernel.org/linus/080cbb890286cd794f1ee788bbc5463e2deb7c2b (6.9-rc7)
git.kernel.org/stable/c/080cbb890286cd794f1ee788bbc5463e2deb7c2b
git.kernel.org/stable/c/21ea04aad8a0839b4ec27ef1691ca480620e8e14
git.kernel.org/stable/c/367766ff9e407f8a68409b7ce4dc4d5a72afeab1
git.kernel.org/stable/c/66116556076f0b96bc1aa9844008c743c8c67684
git.kernel.org/stable/c/93bc2d6d16f2c3178736ba6b845b30475856dc40
git.kernel.org/stable/c/a0fbb26f8247e326a320e2cb4395bfb234332c90
git.kernel.org/stable/c/e19ec8ab0e25bc4803d7cc91c84e84532e2781bd
git.kernel.org/stable/c/ffd4917c1edb3c3ff334fce3704fbe9c39f35682
launchpad.net/bugs/cve/CVE-2024-36886
nvd.nist.gov/vuln/detail/CVE-2024-36886
security-tracker.debian.org/tracker/CVE-2024-36886
www.cve.org/CVERecord?id=CVE-2024-36886
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
16.1%