CVE-2024-36939: Resource Injection in Linux

CWE-99: Resource Injection
40 documents, 6 sources
Severity: 5.5 MEDIUM (NVD); OSV 7.8; OSV 6.5
EPSS: 0.0% (top 96.15%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 30
Latest update: Sep 18

Description

In the Linux kernel, the following vulnerability has been resolved: nfs: Handle error of rpc_proc_register() in nfs_net_init(). syzkaller reported a warning [0] triggered while destroying immature netns. rpc_proc_register() was called in init_nfs_fs(), but its error has been ignored since at least the initial commit 1da177e4c3f4 ("Linux-2.6.12-rc2"). Recently, commit d47151b79e32 ("nfs: expose /proc/net/sunrpc/nfs in net namespaces") converted the procfs to per-netns and made the problem mor

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (5 packages)

NVD | linux/linux_kernel | 2.6.13 5.4.276 | +7
Debian | linux/linux_kernel | < 5.10.218-1 | +3
Ubuntu | linux/linux_kernel | < 5.4.0-192.212 | +2
CVEListV5 | linux/linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 b33ca18c3a1190208dfd569c4fa8a2f93084709f | +7
debian | debian/linux | < linux 6.1.94-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

🔴 Vulnerability Details (19)

OSV: linux-xilinx-zynqmp vulnerabilities (2024-09-18)
OSV: linux-raspi-5.4 vulnerabilities (2024-08-22)
OSV: linux-hwe-5.15 vulnerabilities (2024-08-21)
OSV: linux-bluefield vulnerabilities (2024-08-21)
OSV: linux-azure-5.4 vulnerabilities (2024-08-19)

📋 Vendor Advisories (19)

Ubuntu: Linux kernel vulnerabilities (2024-09-18)
Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2024-08-22)
Ubuntu: Linux kernel (HWE) vulnerabilities (2024-08-21)
Ubuntu: Linux kernel (BlueField) vulnerabilities (2024-08-21)
Ubuntu: Linux kernel (Azure) vulnerabilities (2024-08-19)

💬 Community (1)

Bugzilla: CVE-2024-36939 kernel: nfs: Handle error of rpc_proc_register() in nfs_net_init(). (2024-06-03)