CVE-2024-36886

Name of the Vulnerable Software and Affected Versions Linux Kernel versions prior to 6.8.2

Description The vulnerability is related to a Use-After-Free (UAF) bug in the tipc buf append() function in the Linux kernel's Transparent Inter-Process Communication (TIPC) module. This bug can be exploited to execute arbitrary code, potentially leading to a remote code execution vulnerability. The issue arises from a slab-use-after-free error in the kfree skb list reason() function.

Recommendations To resolve this issue, update the Linux Kernel to a version that includes the fix for this vulnerability. Specifically, versions prior to 6.8.2 are affected, so updating to 6.8.2 or later should mitigate this vulnerability. As a temporary workaround, consider disabling the tipc buf append() function until a patch is available. However, this may have implications for the functionality of the TIPC module and should be carefully considered before implementation.