PT-2024-4105 · Linux+10 · Linux Kernel+10
Syzbot · Published 2024-05-08 · Updated 2025-09-29 · CVE-2024-36902
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.37
Description
The issue is related to a possible NULL dereference in the fib6_rule_action() function, which can be triggered by unsafe ip6_dst_idev() use. This can cause a general protection fault and potentially lead to a denial-of-service condition. The vulnerability is exploitable remotely.
Recommendations
To resolve the issue, update the Linux kernel to version 6.6.37 or later. This update includes fixes for the vulnerability, ensuring that ip6_dst_idev() is properly checked to avoid NULL dereferences.
Exploit
Fix
DoS
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu