FKIE_CVE-2024-36954
Vulnerability from fkie_nvd - Published: 2024-05-30 16:15 - Updated: 2026-06-17 07:37
Severity
Summary
In the Linux kernel, the following vulnerability has been resolved:
tipc: fix a possible memleak in tipc_buf_append
__skb_linearize() doesn't free the skb when it fails, so move
'*buf = NULL' after __skb_linearize(), so that the skb can be
freed on the err path.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | 6.9 | |
| linux | linux_kernel | 6.9 | |
| linux | linux_kernel | 6.9 | |
| linux | linux_kernel | 6.9 | |
| linux | linux_kernel | 6.9 | |
| linux | linux_kernel | 6.9 | |
| debian | debian_linux | 10.0 |
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tipc/msg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "01cd1b7b685751ee422d00d050292a3d277652d6",
"status": "affected",
"version": "4b1761898861117c97066aea6c58f68a7787f0bf",
"versionType": "git"
},
{
"lessThan": "2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae",
"status": "affected",
"version": "64d17ec9f1ded042c4b188d15734f33486ed9966",
"versionType": "git"
},
{
"lessThan": "adbce6d20da6254c86425a8d4359b221b5ccbccd",
"status": "affected",
"version": "6da24cfc83ba4f97ea44fc7ae9999a006101755c",
"versionType": "git"
},
{
"lessThan": "42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c",
"status": "affected",
"version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
"versionType": "git"
},
{
"lessThan": "d03a82f4f8144befdc10518e732e2a60b34c870e",
"status": "affected",
"version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
"versionType": "git"
},
{
"lessThan": "614c5a5ae45a921595952117b2e2bd4d4bf9b574",
"status": "affected",
"version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
"versionType": "git"
},
{
"lessThan": "3210d34fda4caff212cb53729e6bd46de604d565",
"status": "affected",
"version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
"versionType": "git"
},
{
"lessThan": "97bf6f81b29a8efaf5d0983251a7450e5794370d",
"status": "affected",
"version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
"versionType": "git"
},
{
"status": "affected",
"version": "b2c8d28c34b3070407cb1741f9ba3f15d0284b8b",
"versionType": "git"
},
{
"status": "affected",
"version": "5489f30bb78ff0dafb4229a69632afc2ba20765c",
"versionType": "git"
},
{
"status": "affected",
"version": "436d650d374329a591c30339a91fa5078052ed1e",
"versionType": "git"
},
{
"status": "affected",
"version": "ace300eecbccaa698e2b472843c74a5f33f7dce8",
"versionType": "git"
},
{
"lessThan": "4.19.314",
"status": "affected",
"version": "4.19.193",
"versionType": "semver"
},
{
"lessThan": "5.4.276",
"status": "affected",
"version": "5.4.124",
"versionType": "semver"
},
{
"lessThan": "5.10.217",
"status": "affected",
"version": "5.10.42",
"versionType": "semver"
},
{
"lessThan": "4.5",
"status": "affected",
"version": "4.4.271",
"versionType": "semver"
},
{
"lessThan": "4.10",
"status": "affected",
"version": "4.9.271",
"versionType": "semver"
},
{
"lessThan": "4.15",
"status": "affected",
"version": "4.14.235",
"versionType": "semver"
},
{
"lessThan": "5.13",
"status": "affected",
"version": "5.12.9",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tipc/msg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1B511FF-B35C-4F12-BC59-FC0C59B5ED9B",
"versionEndExcluding": "4.5",
"versionStartIncluding": "4.4.271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F201161-7061-4D21-AB64-08FE904827C3",
"versionEndExcluding": "4.10",
"versionStartIncluding": "4.9.271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B377D18-E1AC-4086-BD80-E5A6E29501C2",
"versionEndExcluding": "4.15",
"versionStartIncluding": "4.14.235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC3FE8F6-AF63-41C0-BCD1-8A6DF9BB8B9E",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "4.19.193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2251C5-3675-475C-A6CF-65DCB7DF9763",
"versionEndExcluding": "5.4.276",
"versionStartIncluding": "5.4.124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A43FC5E3-31B4-40D2-A5F9-DCE255ACC316",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "5.10.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FC57AB-D423-4492-B328-1585612B34E6",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.12.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F8C886C-75AA-469B-A6A9-12BF1A29C0D5",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDB1F69-36AC-41C1-9192-E7CCEF5FFC00",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A6B920C-8D8F-4130-86B4-AD334F4CF2E3",
"versionEndExcluding": "6.8.10",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*",
"matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*",
"matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A06B2CCF-3F43-4FA9-8773-C83C3F5764B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*",
"matchCriteriaId": "F850DCEC-E08B-4317-A33B-D2DCF39F601B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc6:*:*:*:*:*:*",
"matchCriteriaId": "91326417-E981-482E-A5A3-28BC1327521B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix a possible memleak in tipc_buf_append\n\n__skb_linearize() doesn\u0027t free the skb when it fails, so move\n\u0027*buf = NULL\u0027 after __skb_linearize(), so that the skb can be\nfreed on the err path."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tipc: soluciona un posible memleak en tipc_buf_append __skb_linearize() no libera el skb cuando falla, as\u00ed que mueve \u0027*buf = NULL\u0027 despu\u00e9s de __skb_linearize(), para que el skb se puede liberar en la ruta de error."
}
],
"id": "CVE-2024-36954",
"lastModified": "2026-06-17T07:37:26.603",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2024-36954",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:15:38.594682Z",
"version": "2.0.3"
}
}
]
},
"published": "2024-05-30T16:15:18.313",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/01cd1b7b685751ee422d00d050292a3d277652d6"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/3210d34fda4caff212cb53729e6bd46de604d565"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/614c5a5ae45a921595952117b2e2bd4d4bf9b574"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/97bf6f81b29a8efaf5d0983251a7450e5794370d"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/adbce6d20da6254c86425a8d4359b221b5ccbccd"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/d03a82f4f8144befdc10518e732e2a60b34c870e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/01cd1b7b685751ee422d00d050292a3d277652d6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/3210d34fda4caff212cb53729e6bd46de604d565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/614c5a5ae45a921595952117b2e2bd4d4bf9b574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/97bf6f81b29a8efaf5d0983251a7450e5794370d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/adbce6d20da6254c86425a8d4359b221b5ccbccd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/d03a82f4f8144befdc10518e732e2a60b34c870e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…