CVE-2024-36288

MEDIUM

Linux Kernel - Denial of Service via Infinite Loop in gss_free_in_token_pages

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix loop termination condition in gss_free_in_token_pages() The in_token->pages[] array is not NULL terminated. This results in the following KASAN splat: KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]

References (11)

Core 11
Core References

Scores

CVSS v3 5.5
EPSS 0.0027
EPSS Percentile 18.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-835
Status published
Products (13)
linux/Kernel 6.9.3 - 6.9.4linux
Linux/Linux 4420b73c7f26fd5fcb37bbce5313dd356ef1b3ca - 6ed45d20d30005bed94c8c527ce51d5ad8121018
Linux/Linux 6.8.12 - 6.9
Linux/Linux 6.9.3 - 6.9.4
Linux/Linux 8ca148915670a2921afcc255af9e1dc80f37b052 - 0a1cb0c6102bb4fd310243588d39461da49497ad
Linux/Linux a3c1afd5d7ad59e34a275d80c428952f83c8c1f0
Linux/Linux ab8466d4e26806a4ae82c282762c4545eecf45ef - 57ff6c0a175930856213b2aa39f8c845a53e5b1c
Linux/Linux bafa6b4d95d97877baa61883ff90f7e374427fae - 4a77c3dead97339478c7422eb07bf4bf63577008
Linux/Linux c1d8c429e4d2ce85ec5c92cf71cb419baf75c56f - af628d43a822b78ad8d4a58d8259f8bf8bc71115
Linux/Linux f148a95f68c66c1b097391b68e153d5a46f0e780 - 4cefcd0af7458bdeff56a9d8dfc6868ce23d128a
... and 3 more
Published Jun 21, 2024
Tracked Since Feb 18, 2026