PT-2024-9004 · Linux+9 · Linux Kernel+9

Felix Fietkau

·

Published

2024-05-30

·

Updated

2025-09-29

·

CVE-2024-36929

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to the incorrect handling of errors in the Linux kernel's core component, specifically with the skb copy and skb copy expand functions when dealing with SKB GSO FRAGLIST skbs. These skbs must not be linearized, as this would make them invalid and potentially lead to a crash when skb gso segment is called later. The vulnerability can be exploited to cause a denial of service.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-388

Related Identifiers

ALSA-2024:5101
ALSA-2024:5102
ALSA-2024:5363
ALSA-2025_16880
BDU:2024-10686
CESA-2024_5101
CESA-2024_5102
CVE-2024-36929
DLA-3843-1
DSA-5703-1
INFSA-2024_5101
INFSA-2024_5102
INFSA-2024_5363
MGASA-2024-0263
MGASA-2024-0266
OESA-2024-1706
OESA-2024-1707
OESA-2024-1863
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3483-1
RHSA-2024:4902
RHSA-2024:5066
RHSA-2024:5067
RHSA-2024:5101
RHSA-2024:5102
RHSA-2024:5363
RHSA-2024:6993
RHSA-2024_5101
RHSA-2024_5102
RHSA-2024_5363
RLSA-2024:5101
RLSA-2024:5102
RLSA-2024:5363
RXSA-2024:5101
SUSE-SU-2024:3190-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3483-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-6949-1
USN-6949-2
USN-6950-1
USN-6950-2
USN-6950-3
USN-6950-4
USN-6952-1
USN-6952-2
USN-6955-1
USN-6956-1
USN-6957-1
USN-7019-1

Affected Products

Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu