Vulnerability Lookup

🛡️ CVE-2024-36971

🟠 CVSS 7.8 — High ✅ No Known Exploit NVD

7.8

CVSS Score

0 Low4 Medium7 High9 Critical10

Description

In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note that sk_dst_reset(sk) is implementing this protocol correctly, while __dst_negative_advice() uses the wrong order. Given that ip6_negative_advice() has special logic against RTF_CACHE, this means each of the three ->negative_advice() existing methods must perform the sk_dst_reset() themselves. Note the check against NULL dst is centralized in __dst_negative_advice(), there is no need to duplicate it in various callbacks. Many thanks to Clement Lecigne for tracking this issue. This old bug became visible after the blamed commit, using UDP sockets.

Details

Severity High

CVSS Score 7.8

CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE N/A

Public Exploit ✅ No

Source NVD

Published 2024-08-01

Updated 2026-06-13

Modified 2026-06-12

Fix URL https://git.kernel.org/stable/c/051c0bde9f0450a2ec3d62a86d2a0d2fad117f13

Affected Packages

Software	From version	Fixed in
:linux-kernel:	:0	:2024-08-05
debian-linux	—	—
linux-kernel	6.7	6.9.4

References

ADVISORY https://source.android.com/security/bulletin/2024-08-01

FIX https://android.googlesource.com/kernel/common/+/41a05cfc0e471cea173345622375b672edd8ed3c

FIX https://android.googlesource.com/kernel/common/+/dd432c37afcddde2295aa3b3afc3ab293dbefaf8

FIX https://android.googlesource.com/kernel/common/+/079d4f3ff06b21f99aed51d8b22534bdfda5a134

FIX https://android.googlesource.com/kernel/common/+/3856ad0c3e3028d54c8dac960dec411e45c13146

FIX https://android.googlesource.com/kernel/common/+/51e48339d74bc7c4e94fd813fc3e61e0fc0c43ae

FIX https://android.googlesource.com/kernel/common/+/bda79d62f01fdd3398efe0886faa4eb6330889f6

FIX https://android.googlesource.com/kernel/common/+/b8932254b9b2f02620e96572fee9c615c1db2bc3

FIX https://android.googlesource.com/kernel/common/+/9b0dadc811eb0140a61734cde73498c1dd574fa1

FIX https://android.googlesource.com/kernel/common/+/9a84d60e35317c5799ebcbf1c6872f0a2b7d6006

FIX https://android.googlesource.com/kernel/common/+/bd2bcb81d4ebcffd4e56bb8dfe3e3d4c871928f5

FIX https://android.googlesource.com/kernel/common/+/a7462d7032e5ed971980180c6a5aadc8ad700331

🔗 NVD 🔗 Mitre ✅ Fix / Advisory

Similar Threats

Unknown CVE-2020-29374
Unknown CVE-2020-0465
Unknown CVE-2018-25020
Unknown CVE-2020-27068
Unknown CVE-2021-0707

Patch Gap Protection

Running software with known vulnerabilities?

BotEraser can help reduce exposure by blocking IPs associated with exploit activity — even before a patch is available.

Start Free →

No credit card required · Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.

Running software with known vulnerabilities?

Company

Resources

Services

Trusted

Subscribe