PT-2021-8213 · Linux+5 · Linux Kernel+5

Joakim Sindholt

Published

2021-12-14

Updated

2025-03-13

CVE-2024-36964

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the fs/9p component of the Linux kernel, where incorrect permissions in the p9mode2perm() function can be exploited, allowing an attacker to read and manipulate data. The vulnerability is caused by garbage in plain 9P2000's perm bits being allowed through, which can set the suid bit among others. This was presumably not the intent since the unix extended bits are handled explicitly and conditionally.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

BDU:2024-11526

CVE-2024-36964

DLA-3840-1

MGASA-2024-0263

MGASA-2024-0266

OESA-2024-1705

OESA-2024-1706

OESA-2024-1707

OESA-2024-1960

OPENSUSE-SU-2024_2362-1

OPENSUSE-SU-2024_2372-1

OPENSUSE-SU-2024_2394-1

OPENSUSE-SU-2024_3623-1

OPENSUSE-SU-2024_3624-1

OPENSUSE-SU-2024_3625-1

OPENSUSE-SU-2024_3631-1

OPENSUSE-SU-2024_3632-1

OPENSUSE-SU-2024_3635-1

OPENSUSE-SU-2024_3638-1

OPENSUSE-SU-2024_3639-1

OPENSUSE-SU-2024_3643-1

OPENSUSE-SU-2024_3648-1

OPENSUSE-SU-2024_3651-1

OPENSUSE-SU-2024_3652-1

OPENSUSE-SU-2024_3655-1

OPENSUSE-SU-2024_3661-1

OPENSUSE-SU-2024_3666-1

OPENSUSE-SU-2024_3670-1

OPENSUSE-SU-2024_3672-1

OPENSUSE-SU-2024_3679-1

OPENSUSE-SU-2024_3685-1

OPENSUSE-SU-2024_3690-1

OPENSUSE-SU-2024_3694-1

OPENSUSE-SU-2024_3695-1

OPENSUSE-SU-2024_3696-1

OPENSUSE-SU-2024_3697-1

OPENSUSE-SU-2024_3700-1

OPENSUSE-SU-2024_3701-1

OPENSUSE-SU-2024_3706-1

OPENSUSE-SU-2024_3710-1

OPENSUSE-SU-2024_3774-1

OPENSUSE-SU-2024_3780-1

OPENSUSE-SU-2024_3793-1

OPENSUSE-SU-2024_3798-1

OPENSUSE-SU-2024_3806-1

OPENSUSE-SU-2024_3814-1

OPENSUSE-SU-2024_3815-1

OPENSUSE-SU-2024_3829-1

OPENSUSE-SU-2024_3830-1

OPENSUSE-SU-2024_3831-1

OPENSUSE-SU-2024_3837-1

OPENSUSE-SU-2024_3842-1

OPENSUSE-SU-2024_3851-1

OPENSUSE-SU-2024_3852-1

OPENSUSE-SU-2024_3854-1

OPENSUSE-SU-2024_3855-1

OPENSUSE-SU-2024_3857-1

OPENSUSE-SU-2024_3860-1

OPENSUSE-SU-2024_3880-1

OPENSUSE-SU-2024_4122-1

OPENSUSE-SU-2024_4123-1

OPENSUSE-SU-2024_4124-1

OPENSUSE-SU-2024_4125-1

OPENSUSE-SU-2024_4180-1

OPENSUSE-SU-2024_4207-1

OPENSUSE-SU-2024_4214-1

OPENSUSE-SU-2024_4216-1

OPENSUSE-SU-2024_4218-1

OPENSUSE-SU-2024_4234-1

OPENSUSE-SU-2024_4235-1

OPENSUSE-SU-2024_4236-1

OPENSUSE-SU-2024_4243-1

OPENSUSE-SU-2024_4246-1

OPENSUSE-SU-2024_4256-1

OPENSUSE-SU-2024_4264-1

OPENSUSE-SU-2024_4266-1

OPENSUSE-SU-2024_4275-1

OPENSUSE-SU-2025_0101-1

OPENSUSE-SU-2025_0106-1

OPENSUSE-SU-2025_0107-1

OPENSUSE-SU-2025_0109-1

OPENSUSE-SU-2025_0110-1

OPENSUSE-SU-2025_0114-1

OPENSUSE-SU-2025_0115-1

OPENSUSE-SU-2025_0124-1

OPENSUSE-SU-2025_0131-1

OPENSUSE-SU-2025_0137-1

OPENSUSE-SU-2025_0146-1

OPENSUSE-SU-2025_0150-1

OPENSUSE-SU-2025_0158-1

OPENSUSE-SU-2025_0164-1

OPENSUSE-SU-2025_0238-1

OPENSUSE-SU-2025_0239-1

OPENSUSE-SU-2025_0240-1

OPENSUSE-SU-2025_0244-1

OPENSUSE-SU-2025_0248-1

OPENSUSE-SU-2025_0249-1

OPENSUSE-SU-2025_0251-1

OPENSUSE-SU-2025_0252-1

OPENSUSE-SU-2025_0253-1

OPENSUSE-SU-2025_0254-1

OPENSUSE-SU-2025_0261-1

OPENSUSE-SU-2025_0264-1

OPENSUSE-SU-2025_0266-1

SUSE-SU-2024:2360-1

SUSE-SU-2024:2362-1

SUSE-SU-2024:2365-1

SUSE-SU-2024:2372-1

SUSE-SU-2024:2381-1

SUSE-SU-2024:2384-1

SUSE-SU-2024:2385-1

SUSE-SU-2024:2394-1

SUSE-SU-2024:2495-1

SUSE-SU-2024:2561-1

SUSE-SU-2024:2571-1

SUSE-SU-2024:2895-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2973-1

SUSE-SU-2024:3623-1

SUSE-SU-2024:3624-1

SUSE-SU-2024:3625-1

SUSE-SU-2024:3628-1

SUSE-SU-2024:3631-1

SUSE-SU-2024:3632-1

SUSE-SU-2024:3635-1

SUSE-SU-2024:3638-1

SUSE-SU-2024:3639-1

SUSE-SU-2024:3640-1

SUSE-SU-2024:3641-1

SUSE-SU-2024:3642-1

SUSE-SU-2024:3643-1

SUSE-SU-2024:3648-1

SUSE-SU-2024:3649-1

SUSE-SU-2024:3651-1

SUSE-SU-2024:3652-1

SUSE-SU-2024:3655-1

SUSE-SU-2024:3660-1

SUSE-SU-2024:3661-1

SUSE-SU-2024:3662-1

SUSE-SU-2024:3663-1

SUSE-SU-2024:3666-1

SUSE-SU-2024:3670-1

SUSE-SU-2024:3672-1

SUSE-SU-2024:3674-1

SUSE-SU-2024:3676-1

SUSE-SU-2024:3679-1

SUSE-SU-2024:3685-1

SUSE-SU-2024:3687-1

SUSE-SU-2024:3690-1

SUSE-SU-2024:3694-1

SUSE-SU-2024:3695-1

SUSE-SU-2024:3696-1

SUSE-SU-2024:3697-1

SUSE-SU-2024:3700-1

SUSE-SU-2024:3701-1

SUSE-SU-2024:3706-1

SUSE-SU-2024:3710-1

SUSE-SU-2024:3774-1

SUSE-SU-2024:3780-1

SUSE-SU-2024:3793-1

SUSE-SU-2024:3796-1

SUSE-SU-2024:3798-1

SUSE-SU-2024:3800-1

SUSE-SU-2024:3803-1

SUSE-SU-2024:3806-1

SUSE-SU-2024:3814-1

SUSE-SU-2024:3815-1

SUSE-SU-2024:3820-1

SUSE-SU-2024:3821-1

SUSE-SU-2024:3822-1

SUSE-SU-2024:3829-1

SUSE-SU-2024:3830-1

SUSE-SU-2024:3831-1

SUSE-SU-2024:3837-1

SUSE-SU-2024:3842-1

SUSE-SU-2024:3849-1

SUSE-SU-2024:3851-1

SUSE-SU-2024:3852-1

SUSE-SU-2024:3854-1

SUSE-SU-2024:3855-1

SUSE-SU-2024:3857-1

SUSE-SU-2024:3860-1

SUSE-SU-2024:3880-1

SUSE-SU-2024:4122-1

SUSE-SU-2024:4123-1

SUSE-SU-2024:4124-1

SUSE-SU-2024:4125-1

SUSE-SU-2024:4180-1

SUSE-SU-2024:4197-1

SUSE-SU-2024:4207-1

SUSE-SU-2024:4214-1

SUSE-SU-2024:4216-1

SUSE-SU-2024:4218-1

SUSE-SU-2024:4226-1

SUSE-SU-2024:4231-1

SUSE-SU-2024:4234-1

SUSE-SU-2024:4235-1

SUSE-SU-2024:4236-1

SUSE-SU-2024:4242-1

SUSE-SU-2024:4243-1

SUSE-SU-2024:4246-1

SUSE-SU-2024:4249-1

SUSE-SU-2024:4250-1

SUSE-SU-2024:4256-1

SUSE-SU-2024:4263-1

SUSE-SU-2024:4264-1

SUSE-SU-2024:4266-1

SUSE-SU-2024:4275-1

SUSE-SU-2025:0091-1

SUSE-SU-2025:0097-1

SUSE-SU-2025:0101-1

SUSE-SU-2025:0103-1

SUSE-SU-2025:0106-1

SUSE-SU-2025:0107-1

SUSE-SU-2025:0109-1

SUSE-SU-2025:0110-1

SUSE-SU-2025:0114-1

SUSE-SU-2025:0115-1

SUSE-SU-2025:0124-1

SUSE-SU-2025:0131-1

SUSE-SU-2025:0137-1

SUSE-SU-2025:0146-1

SUSE-SU-2025:0150-1

SUSE-SU-2025:0158-1

SUSE-SU-2025:0164-1

SUSE-SU-2025:0238-1

SUSE-SU-2025:0239-1

SUSE-SU-2025:0240-1

SUSE-SU-2025:0244-1

SUSE-SU-2025:0248-1

SUSE-SU-2025:0249-1

SUSE-SU-2025:0251-1

SUSE-SU-2025:0252-1

SUSE-SU-2025:0253-1

SUSE-SU-2025:0254-1

SUSE-SU-2025:0261-1

SUSE-SU-2025:0264-1

SUSE-SU-2025:0266-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

USN-6949-1

USN-6949-2

USN-6950-1

USN-6950-2

USN-6950-3

USN-6950-4

USN-6951-1

USN-6951-2

USN-6951-3

USN-6951-4

USN-6952-1

USN-6952-2

USN-6953-1

USN-6955-1

USN-6956-1

USN-6957-1

USN-6979-1

USN-7019-1

USN-7332-1

USN-7332-2

USN-7332-3

USN-7333-1

USN-7342-1

USN-7344-1

USN-7344-2

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2021-8213 · Linux+5 · Linux Kernel+5

CVE-2024-36964

Weakness Enumeration

Related Identifiers

Affected Products

References · 3864