PT-2024-4107 · Linux+2 · Linux Kernel+2

Olga Kornievskaia +1 · Published 2024-03-09 · Updated 2026-04-20 · CVE-2024-36907

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.8.0-rc6+

Description

The vulnerability is in the SUNRPC module of the Linux kernel, specifically in its TCP TLS functionality. A missing rpc stat for TCP TLS can cause a kernel NULL pointer dereference when mounting with xprtsec=tls, leading to a kernel oops. The issue arises from a commit that added the ability to specify the rpc stats function but did not add it to the TCP TLS functionality.

Recommendations

To resolve the issue, update the Linux kernel to a version that includes the fix for the SUNRPC vulnerability, which adds the missing rpc stat for TCP TLS. Ensure that the updated kernel version is compatible with your system and configuration.

Fix

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

BDU:2024-04558
CVE-2024-36907
ECHO-3EFE-8876-E479
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3383-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1

Affected Products

Debian
Linux Kernel
SUSE