{
    "dataType": "CVE_RECORD",
    "cveMetadata": {
        "cveId": "CVE-2024-36886",
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "state": "PUBLISHED",
        "assignerShortName": "Linux",
        "dateReserved": "2024-05-30T15:25:07.065Z",
        "datePublished": "2024-05-30T15:28:55.059Z",
        "dateUpdated": "2024-10-18T13:07:39.609Z"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
                "shortName": "Linux",
                "dateUpdated": "2024-05-30T15:28:55.059Z"
            },
            "descriptions": [
                {
                    "lang": "en",
                    "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix UAF in error path\n\nSam Page (sam4k) working with Trend Micro Zero Day Initiative reported\na UAF in the tipc_buf_append() error path:\n\nBUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0\nlinux/net/core/skbuff.c:1183\nRead of size 8 at addr ffff88804d2a7c80 by task poc/8034\n\nCPU: 1 PID: 8034 Comm: poc Not tainted 6.8.2 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.0-debian-1.16.0-5 04/01/2014\nCall Trace:\n <IRQ>\n __dump_stack linux/lib/dump_stack.c:88\n dump_stack_lvl+0xd9/0x1b0 linux/lib/dump_stack.c:106\n print_address_description linux/mm/kasan/report.c:377\n print_report+0xc4/0x620 linux/mm/kasan/report.c:488\n kasan_report+0xda/0x110 linux/mm/kasan/report.c:601\n kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:1183\n skb_release_data+0x5af/0x880 linux/net/core/skbuff.c:1026\n skb_release_all linux/net/core/skbuff.c:1094\n __kfree_skb linux/net/core/skbuff.c:1108\n kfree_skb_reason+0x12d/0x210 linux/net/core/skbuff.c:1144\n kfree_skb linux/./include/linux/skbuff.h:1244\n tipc_buf_append+0x425/0xb50 linux/net/tipc/msg.c:186\n tipc_link_input+0x224/0x7c0 linux/net/tipc/link.c:1324\n tipc_link_rcv+0x76e/0x2d70 linux/net/tipc/link.c:1824\n tipc_rcv+0x45f/0x10f0 linux/net/tipc/node.c:2159\n tipc_udp_recv+0x73b/0x8f0 linux/net/tipc/udp_media.c:390\n udp_queue_rcv_one_skb+0xad2/0x1850 linux/net/ipv4/udp.c:2108\n udp_queue_rcv_skb+0x131/0xb00 linux/net/ipv4/udp.c:2186\n udp_unicast_rcv_skb+0x165/0x3b0 linux/net/ipv4/udp.c:2346\n __udp4_lib_rcv+0x2594/0x3400 linux/net/ipv4/udp.c:2422\n ip_protocol_deliver_rcu+0x30c/0x4e0 linux/net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x2e4/0x520 linux/net/ipv4/ip_input.c:233\n NF_HOOK linux/./include/linux/netfilter.h:314\n NF_HOOK linux/./include/linux/netfilter.h:308\n ip_local_deliver+0x18e/0x1f0 linux/net/ipv4/ip_input.c:254\n dst_input linux/./include/net/dst.h:461\n ip_rcv_finish linux/net/ipv4/ip_input.c:449\n NF_HOOK linux/./include/linux/netfilter.h:314\n NF_HOOK linux/./include/linux/netfilter.h:308\n ip_rcv+0x2c5/0x5d0 linux/net/ipv4/ip_input.c:569\n __netif_receive_skb_one_core+0x199/0x1e0 linux/net/core/dev.c:5534\n __netif_receive_skb+0x1f/0x1c0 linux/net/core/dev.c:5648\n process_backlog+0x101/0x6b0 linux/net/core/dev.c:5976\n __napi_poll.constprop.0+0xba/0x550 linux/net/core/dev.c:6576\n napi_poll linux/net/core/dev.c:6645\n net_rx_action+0x95a/0xe90 linux/net/core/dev.c:6781\n __do_softirq+0x21f/0x8e7 linux/kernel/softirq.c:553\n do_softirq linux/kernel/softirq.c:454\n do_softirq+0xb2/0xf0 linux/kernel/softirq.c:441\n </IRQ>\n <TASK>\n __local_bh_enable_ip+0x100/0x120 linux/kernel/softirq.c:381\n local_bh_enable linux/./include/linux/bottom_half.h:33\n rcu_read_unlock_bh linux/./include/linux/rcupdate.h:851\n __dev_queue_xmit+0x871/0x3ee0 linux/net/core/dev.c:4378\n dev_queue_xmit linux/./include/linux/netdevice.h:3169\n neigh_hh_output linux/./include/net/neighbour.h:526\n neigh_output linux/./include/net/neighbour.h:540\n ip_finish_output2+0x169f/0x2550 linux/net/ipv4/ip_output.c:235\n __ip_finish_output linux/net/ipv4/ip_output.c:313\n __ip_finish_output+0x49e/0x950 linux/net/ipv4/ip_output.c:295\n ip_finish_output+0x31/0x310 linux/net/ipv4/ip_output.c:323\n NF_HOOK_COND linux/./include/linux/netfilter.h:303\n ip_output+0x13b/0x2a0 linux/net/ipv4/ip_output.c:433\n dst_output linux/./include/net/dst.h:451\n ip_local_out linux/net/ipv4/ip_output.c:129\n ip_send_skb+0x3e5/0x560 linux/net/ipv4/ip_output.c:1492\n udp_send_skb+0x73f/0x1530 linux/net/ipv4/udp.c:963\n udp_sendmsg+0x1a36/0x2b40 linux/net/ipv4/udp.c:1250\n inet_sendmsg+0x105/0x140 linux/net/ipv4/af_inet.c:850\n sock_sendmsg_nosec linux/net/socket.c:730\n __sock_sendmsg linux/net/socket.c:745\n __sys_sendto+0x42c/0x4e0 linux/net/socket.c:2191\n __do_sys_sendto linux/net/socket.c:2203\n __se_sys_sendto linux/net/socket.c:2199\n __x64_sys_sendto+0xe0/0x1c0 linux/net/socket.c:2199\n do_syscall_x64 linux/arch/x86/entry/common.c:52\n do_syscall_\n---truncated---"
                }
            ],
            "affected": [
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "unaffected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "net/tipc/msg.c"
                    ],
                    "versions": [
                        {
                            "version": "1149557d64c9",
                            "lessThan": "e19ec8ab0e25",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "1149557d64c9",
                            "lessThan": "93bc2d6d16f2",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "1149557d64c9",
                            "lessThan": "367766ff9e40",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "1149557d64c9",
                            "lessThan": "66116556076f",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "1149557d64c9",
                            "lessThan": "21ea04aad8a0",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "1149557d64c9",
                            "lessThan": "ffd4917c1edb",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "1149557d64c9",
                            "lessThan": "a0fbb26f8247",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "1149557d64c9",
                            "lessThan": "080cbb890286",
                            "status": "affected",
                            "versionType": "git"
                        }
                    ]
                },
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "affected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "net/tipc/msg.c"
                    ],
                    "versions": [
                        {
                            "version": "4.1",
                            "status": "affected"
                        },
                        {
                            "version": "0",
                            "lessThan": "4.1",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "4.19.314",
                            "lessThanOrEqual": "4.19.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.4.276",
                            "lessThanOrEqual": "5.4.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.10.217",
                            "lessThanOrEqual": "5.10.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.15.159",
                            "lessThanOrEqual": "5.15.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.1.91",
                            "lessThanOrEqual": "6.1.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.6.31",
                            "lessThanOrEqual": "6.6.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.8.10",
                            "lessThanOrEqual": "6.8.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.9",
                            "lessThanOrEqual": "*",
                            "status": "unaffected",
                            "versionType": "original_commit_for_fix"
                        }
                    ]
                }
            ],
            "references": [
                {
                    "url": "https://git.kernel.org/stable/c/e19ec8ab0e25bc4803d7cc91c84e84532e2781bd"
                },
                {
                    "url": "https://git.kernel.org/stable/c/93bc2d6d16f2c3178736ba6b845b30475856dc40"
                },
                {
                    "url": "https://git.kernel.org/stable/c/367766ff9e407f8a68409b7ce4dc4d5a72afeab1"
                },
                {
                    "url": "https://git.kernel.org/stable/c/66116556076f0b96bc1aa9844008c743c8c67684"
                },
                {
                    "url": "https://git.kernel.org/stable/c/21ea04aad8a0839b4ec27ef1691ca480620e8e14"
                },
                {
                    "url": "https://git.kernel.org/stable/c/ffd4917c1edb3c3ff334fce3704fbe9c39f35682"
                },
                {
                    "url": "https://git.kernel.org/stable/c/a0fbb26f8247e326a320e2cb4395bfb234332c90"
                },
                {
                    "url": "https://git.kernel.org/stable/c/080cbb890286cd794f1ee788bbc5463e2deb7c2b"
                },
                {
                    "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
                },
                {
                    "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
                }
            ],
            "title": "tipc: fix UAF in error path",
            "x_generator": {
                "engine": "bippy-a5840b7849dd"
            }
        },
        "adp": [
            {
                "problemTypes": [
                    {
                        "descriptions": [
                            {
                                "type": "CWE",
                                "cweId": "CWE-416",
                                "lang": "en",
                                "description": "CWE-416 Use After Free"
                            }
                        ]
                    }
                ],
                "affected": [
                    {
                        "vendor": "linux",
                        "product": "linux_kernel",
                        "cpes": [
                            "cpe:2.3:o:linux:linux_kernel:4.1:-:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unknown",
                        "versions": [
                            {
                                "version": "4.1",
                                "status": "affected"
                            }
                        ]
                    },
                    {
                        "vendor": "linux",
                        "product": "linux_kernel",
                        "cpes": [
                            "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unknown",
                        "versions": [
                            {
                                "version": "1149557d64c9",
                                "status": "affected",
                                "lessThan": "e19ec8ab0e25",
                                "versionType": "custom"
                            },
                            {
                                "version": "1149557d64c9",
                                "status": "affected",
                                "lessThan": "93bc2d6d16f2",
                                "versionType": "custom"
                            },
                            {
                                "version": "1149557d64c9",
                                "status": "affected",
                                "lessThan": "367766ff9e40",
                                "versionType": "custom"
                            },
                            {
                                "version": "1149557d64c9",
                                "status": "affected",
                                "lessThan": "66116556076f",
                                "versionType": "custom"
                            },
                            {
                                "version": "1149557d64c9",
                                "status": "affected",
                                "lessThan": "21ea04aad8a0",
                                "versionType": "custom"
                            },
                            {
                                "version": "1149557d64c9",
                                "status": "affected",
                                "lessThan": "ffd4917c1edb",
                                "versionType": "custom"
                            },
                            {
                                "version": "1149557d64c9",
                                "status": "affected",
                                "lessThan": "a0fbb26f8247",
                                "versionType": "custom"
                            },
                            {
                                "version": "1149557d64c9",
                                "status": "affected",
                                "lessThan": "080cbb890286",
                                "versionType": "custom"
                            }
                        ]
                    }
                ],
                "metrics": [
                    {
                        "cvssV3_1": {
                            "scope": "UNCHANGED",
                            "version": "3.1",
                            "baseScore": 8.1,
                            "attackVector": "NETWORK",
                            "baseSeverity": "HIGH",
                            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                            "integrityImpact": "HIGH",
                            "userInteraction": "NONE",
                            "attackComplexity": "HIGH",
                            "availabilityImpact": "HIGH",
                            "privilegesRequired": "NONE",
                            "confidentialityImpact": "HIGH"
                        }
                    },
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "timestamp": "2024-06-22T03:55:33.064938Z",
                                "id": "CVE-2024-36886",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "total"
                                    }
                                ],
                                "role": "CISA Coordinator",
                                "version": "2.0.3"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-06-24T12:40:50.587Z"
                }
            },
            {
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://git.kernel.org/stable/c/e19ec8ab0e25bc4803d7cc91c84e84532e2781bd",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/93bc2d6d16f2c3178736ba6b845b30475856dc40",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/367766ff9e407f8a68409b7ce4dc4d5a72afeab1",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/66116556076f0b96bc1aa9844008c743c8c67684",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/21ea04aad8a0839b4ec27ef1691ca480620e8e14",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/ffd4917c1edb3c3ff334fce3704fbe9c39f35682",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/a0fbb26f8247e326a320e2cb4395bfb234332c90",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/080cbb890286cd794f1ee788bbc5463e2deb7c2b",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://security.netapp.com/advisory/ntap-20241018-0002/"
                    }
                ],
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-10-18T13:07:39.609Z"
                }
            }
        ]
    },
    "dataVersion": "5.1"
}