PT-2024-4104 · Linux+10 · Linux Kernel+10
Syzbot · Published 2024-05-08 · Updated 2025-09-29
CVE-2024-36901
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.37
Description
A vulnerability in the Linux kernel's IPv6 implementation allows for a NULL pointer dereference in the ip6_output() function. This can cause a general protection fault and potentially lead to a denial-of-service. The issue is related to the ip6_dst_idev() function returning NULL in certain cases. Most places in the IPv6 stack handle a NULL idev fine, but not in this specific case.
Recommendations
To resolve this issue, update the Linux kernel to version 6.6.37 or later. This update includes the fix for the NULL pointer dereference in ip6_output(). If updating is not possible, consider disabling the ip6_output() function or restricting its use as a temporary workaround until a patch can be applied.
Exploit
Fix
DoS
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu