PT-2024-5775 · Linux+6 · Linux Kernel+6

Syzbot

·

Published

2024-04-23

·

Updated

2025-09-29

·

CVE-2024-36008

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.37
Description The vulnerability is related to a NULL pointer dereference in the fib validate source() function in the Linux kernel's IPv4 component. This issue can be triggered by syzbot in an old tree and appears to exist in the latest trees as well. The vulnerability can cause a general protection fault, likely due to a non-canonical address. All calls to in dev get rcu() must be checked for a NULL result to prevent this issue.
Recommendations To resolve this issue, update the Linux kernel to version 6.6.37 or later. Ensure that all calls to in dev get rcu() are checked for a NULL result to prevent NULL pointer dereferences. As a temporary workaround, consider disabling the fib validate source() function until a patch is available. However, this may have unintended consequences on network functionality and should be used with caution.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-11524
ALT-PU-2024-13979
ALT-PU-2024-14046
ALT-PU-2024-7511
ALT-PU-2024-9131
AZL-42132
AZL-42159
AZL-42166
AZL-42243
BDU:2024-06488
CVE-2024-36008
DLA-3842-1
MGASA-2024-0263
MGASA-2024-0266
OESA-2024-1682
OESA-2024-1706
OPENSUSE-SU-2024_2372-1
OPENSUSE-SU-2024_2394-1
SUSE-SU-2024:2372-1
SUSE-SU-2024:2394-1
SUSE-SU-2024:2571-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6898-1
USN-6898-2
USN-6898-3
USN-6898-4
USN-6917-1
USN-6919-1
USN-6921-1
USN-6921-2
USN-6927-1
USN-6952-1
USN-6952-2
USN-7019-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu