CVE-2024-36946

MEDIUM

Linux Kernel < 4.19.314 - Memory Leak

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: phonet: fix rtm_phonet_notify() skb allocation fill_route() stores three components in the skb: - struct rtmsg - RTA_DST (u8) - RTA_OIF (u32) Therefore, rtm_phonet_notify() should use NLMSG_ALIGN(sizeof(struct rtmsg)) + nla_total_size(1) + nla_total_size(4)

References (11)

[Patch] https://git.kernel.org/stable/c/4ff334cade9dae50e4be387f71e94fae634aa9b4

[Patch] https://git.kernel.org/stable/c/728a83160f98ee6b60df0d890141b9b7240182fe

[Patch] https://git.kernel.org/stable/c/9a77226440008cf04ba68faf641a2d50f4998137

[Patch] https://git.kernel.org/stable/c/d8cac8568618dcb8a51af3db1103e8d4cc4aeea7

[Patch] https://git.kernel.org/stable/c/dc6beac059f0331de97155a89d84058d4a9e49c7

[Patch] https://git.kernel.org/stable/c/ec1f71c05caeba0f814df77e0f511d8b4618623a

[Patch] https://git.kernel.org/stable/c/ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00

[Patch] https://git.kernel.org/stable/c/f085e02f0a32f6dfcfabc6535c9c4a1707cef86b

[Third Party Advisory] https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html

[Third Party Advisory] https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20241004-0002/

Scores

CVSS v3 5.5

EPSS 0.0003

EPSS Percentile 7.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (16)

linux/linux_kernel < 4.19.314

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

debian/debian_linux

linux/Kernel < 4.19.314linux

linux/Kernel < 5.4.276linux

linux/Kernel < 5.10.217linux

linux/Kernel < 5.15.159linux

linux/Kernel < 6.1.91linux

linux/Kernel < 6.6.31linux

... and 1 more

Timeline

Published May 30, 2024

Tracked Since Feb 18, 2026