PT-2024-27197 · Linux+8 · Linux Kernel+8

Shigeru Yoshida · Published 2024-05-06 · Updated 2026-05-26 · CVE-2024-36903

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is a potential uninit-value access in the __ip6_make_skb() function. To avoid a race condition that leads to the uninitialized access, the code now checks FLOWI_FLAG_KNOWN_NH on fl6->flowi6_flags instead of testing HDRINCL on the socket. The change mirrors the fix made for IPv4 in commit fc1092f51567.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use of Uninitialized Resource

Race Condition

Weakness Enumeration

Related Identifiers

ALSA-2024:5363
ALSA-2025_16880
AZL-56225
BDU:2025-03058
CVE-2024-36903
DLA-4271-1
DSA-5925-1
ECHO-E455-3102-5BB7
INFSA-2024_5363
MGASA-2024-0263
MGASA-2024-0266
OESA-2024-1705
OESA-2024-1707
OESA-2024-1766
RHSA-2024:5363
RHSA-2024_5363
RLSA-2024:5363
SUSE-SU-2024:2571-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
SUSE-SU-2026:0473-1
USN-6949-1
USN-6949-2
USN-6952-1
USN-6952-2
USN-6955-1
USN-8096-1
USN-8096-2
USN-8096-3
USN-8096-4
USN-8096-5
USN-8116-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8243-1

Affected Products

AlmaLinux
Astra Linux
Debian
Linux Mint
Linux Kernel
Red Hat
Rocky Linux
SUSE
Ubuntu