CVE-2024-36886 — Use After Free in Linux
Severity
7.8HIGHNVD
OSV6.5OSV5.5
EPSS
0.2%
top 57.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 30
Latest updateApr 8
Description
In the Linux kernel, the following vulnerability has been resolved:
tipc: fix UAF in error path
Sam Page (sam4k) working with Trend Micro Zero Day Initiative reported
a UAF in the tipc_buf_append() error path:
BUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0
linux/net/core/skbuff.c:1183
Read of size 8 at addr ffff88804d2a7c80 by task poc/8034
CPU: 1 PID: 8034 Comm: poc Not tainted 6.8.2 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.16.0-debian-1.16.0-5 …
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages6 packages
▶CVEListV5linux/linux1149557d64c97dc9adf3103347a1c0e8c06d3b89 — e19ec8ab0e25bc4803d7cc91c84e84532e2781bd+8
Also affects: Debian Linux 10.0