CVE-2024-36946

In the Linux kernel, the following vulnerability has been resolved: phonet: fix rtm_phonet_notify() skb allocation fill_route() stores three components in the skb: - struct rtmsg - RTA_DST (u8) - RTA_OIF (u32) Therefore, rtm_phonet_notify() should use NLMSG_ALIGN(sizeof(struct rtmsg)) + nla_total_size(1) + nla_total_size(4)

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/4ff334cade9dae50e4be387f71e94fae634aa9b4	Patch
https://git.kernel.org/stable/c/728a83160f98ee6b60df0d890141b9b7240182fe	Patch
https://git.kernel.org/stable/c/9a77226440008cf04ba68faf641a2d50f4998137	Patch
https://git.kernel.org/stable/c/d8cac8568618dcb8a51af3db1103e8d4cc4aeea7	Patch
https://git.kernel.org/stable/c/dc6beac059f0331de97155a89d84058d4a9e49c7	Patch
https://git.kernel.org/stable/c/ec1f71c05caeba0f814df77e0f511d8b4618623a	Patch
https://git.kernel.org/stable/c/ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00	Patch
https://git.kernel.org/stable/c/f085e02f0a32f6dfcfabc6535c9c4a1707cef86b	Patch
https://git.kernel.org/stable/c/4ff334cade9dae50e4be387f71e94fae634aa9b4	Patch
https://git.kernel.org/stable/c/728a83160f98ee6b60df0d890141b9b7240182fe	Patch
https://git.kernel.org/stable/c/9a77226440008cf04ba68faf641a2d50f4998137	Patch
https://git.kernel.org/stable/c/d8cac8568618dcb8a51af3db1103e8d4cc4aeea7	Patch
https://git.kernel.org/stable/c/dc6beac059f0331de97155a89d84058d4a9e49c7	Patch
https://git.kernel.org/stable/c/ec1f71c05caeba0f814df77e0f511d8b4618623a	Patch
https://git.kernel.org/stable/c/ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00	Patch
https://git.kernel.org/stable/c/f085e02f0a32f6dfcfabc6535c9c4a1707cef86b	Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html	Third Party Advisory
https://security.netapp.com/advisory/ntap-20241004-0002/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc7::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

22 Jan 2026, 20:03

21 Nov 2024, 09:22

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html - () https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html - () https://security.netapp.com/advisory/ntap-20241004-0002/ -
References	~~() https://git.kernel.org/stable/c/4ff334cade9dae50e4be387f71e94fae634aa9b4 -~~	() https://git.kernel.org/stable/c/4ff334cade9dae50e4be387f71e94fae634aa9b4 -
References	~~() https://git.kernel.org/stable/c/728a83160f98ee6b60df0d890141b9b7240182fe -~~	() https://git.kernel.org/stable/c/728a83160f98ee6b60df0d890141b9b7240182fe -
References	~~() https://git.kernel.org/stable/c/9a77226440008cf04ba68faf641a2d50f4998137 -~~	() https://git.kernel.org/stable/c/9a77226440008cf04ba68faf641a2d50f4998137 -
References	~~() https://git.kernel.org/stable/c/d8cac8568618dcb8a51af3db1103e8d4cc4aeea7 -~~	() https://git.kernel.org/stable/c/d8cac8568618dcb8a51af3db1103e8d4cc4aeea7 -
References	~~() https://git.kernel.org/stable/c/dc6beac059f0331de97155a89d84058d4a9e49c7 -~~	() https://git.kernel.org/stable/c/dc6beac059f0331de97155a89d84058d4a9e49c7 -
References	~~() https://git.kernel.org/stable/c/ec1f71c05caeba0f814df77e0f511d8b4618623a -~~	() https://git.kernel.org/stable/c/ec1f71c05caeba0f814df77e0f511d8b4618623a -
References	~~() https://git.kernel.org/stable/c/ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00 -~~	() https://git.kernel.org/stable/c/ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00 -
References	~~() https://git.kernel.org/stable/c/f085e02f0a32f6dfcfabc6535c9c4a1707cef86b -~~	() https://git.kernel.org/stable/c/f085e02f0a32f6dfcfabc6535c9c4a1707cef86b -

05 Nov 2024, 10:17

Type	Values Removed	Values Added
References	~~{'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}~~ ~~{'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}~~

27 Jun 2024, 14:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html -

27 Jun 2024, 13:16

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html -
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: phonet: corrige la asignación de skb de rtm_phonet_notify() fill_route() almacena tres componentes en el skb: - struct rtmsg - RTA_DST (u8) - RTA_OIF (u32) Por lo tanto, rtm_phonet_notify() debería usar NLMSG_ALIGN(tamañode(struct rtmsg)) + nla_total_size(1) + nla_total_size(4)

30 May 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-30 16:15

Updated : 2026-01-22 20:03

NVD link : CVE-2024-36946

Mitre link : CVE-2024-36946

CVE.ORG link : CVE-2024-36946

JSON object : View

Products Affected

debian

debian_linux

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10