CVE-2024-36886 - Vulnerability Details

Description

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix UAF in error path

Sam Page (sam4k) working with Trend Micro Zero Day Initiative reported
a UAF in the tipc_buf_append() error path:

BUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0
linux/net/core/skbuff.c:1183
Read of size 8 at addr ffff88804d2a7c80 by task poc/8034

CPU: 1 PID: 8034 Comm: poc Not tainted 6.8.2 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.16.0-debian-1.16.0-5 04/01/2014
Call Trace:
<IRQ>
__dump_stack linux/lib/dump_stack.c:88
dump_stack_lvl+0xd9/0x1b0 linux/lib/dump_stack.c:106
print_address_description linux/mm/kasan/report.c:377
print_report+0xc4/0x620 linux/mm/kasan/report.c:488
kasan_report+0xda/0x110 linux/mm/kasan/report.c:601
kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:1183
skb_release_data+0x5af/0x880 linux/net/core/skbuff.c:1026
skb_release_all linux/net/core/skbuff.c:1094
__kfree_skb linux/net/core/skbuff.c:1108
kfree_skb_reason+0x12d/0x210 linux/net/core/skbuff.c:1144
kfree_skb linux/./include/linux/skbuff.h:1244
tipc_buf_append+0x425/0xb50 linux/net/tipc/msg.c:186
tipc_link_input+0x224/0x7c0 linux/net/tipc/link.c:1324
tipc_link_rcv+0x76e/0x2d70 linux/net/tipc/link.c:1824
tipc_rcv+0x45f/0x10f0 linux/net/tipc/node.c:2159
tipc_udp_recv+0x73b/0x8f0 linux/net/tipc/udp_media.c:390
udp_queue_rcv_one_skb+0xad2/0x1850 linux/net/ipv4/udp.c:2108
udp_queue_rcv_skb+0x131/0xb00 linux/net/ipv4/udp.c:2186
udp_unicast_rcv_skb+0x165/0x3b0 linux/net/ipv4/udp.c:2346
__udp4_lib_rcv+0x2594/0x3400 linux/net/ipv4/udp.c:2422
ip_protocol_deliver_rcu+0x30c/0x4e0 linux/net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x2e4/0x520 linux/net/ipv4/ip_input.c:233
NF_HOOK linux/./include/linux/netfilter.h:314
NF_HOOK linux/./include/linux/netfilter.h:308
ip_local_deliver+0x18e/0x1f0 linux/net/ipv4/ip_input.c:254
dst_input linux/./include/net/dst.h:461
ip_rcv_finish linux/net/ipv4/ip_input.c:449
NF_HOOK linux/./include/linux/netfilter.h:314
NF_HOOK linux/./include/linux/netfilter.h:308
ip_rcv+0x2c5/0x5d0 linux/net/ipv4/ip_input.c:569
__netif_receive_skb_one_core+0x199/0x1e0 linux/net/core/dev.c:5534
__netif_receive_skb+0x1f/0x1c0 linux/net/core/dev.c:5648
process_backlog+0x101/0x6b0 linux/net/core/dev.c:5976
__napi_poll.constprop.0+0xba/0x550 linux/net/core/dev.c:6576
napi_poll linux/net/core/dev.c:6645
net_rx_action+0x95a/0xe90 linux/net/core/dev.c:6781
__do_softirq+0x21f/0x8e7 linux/kernel/softirq.c:553
do_softirq linux/kernel/softirq.c:454
do_softirq+0xb2/0xf0 linux/kernel/softirq.c:441
</IRQ>
<TASK>
__local_bh_enable_ip+0x100/0x120 linux/kernel/softirq.c:381
local_bh_enable linux/./include/linux/bottom_half.h:33
rcu_read_unlock_bh linux/./include/linux/rcupdate.h:851
__dev_queue_xmit+0x871/0x3ee0 linux/net/core/dev.c:4378
dev_queue_xmit linux/./include/linux/netdevice.h:3169
neigh_hh_output linux/./include/net/neighbour.h:526
neigh_output linux/./include/net/neighbour.h:540
ip_finish_output2+0x169f/0x2550 linux/net/ipv4/ip_output.c:235
__ip_finish_output linux/net/ipv4/ip_output.c:313
__ip_finish_output+0x49e/0x950 linux/net/ipv4/ip_output.c:295
ip_finish_output+0x31/0x310 linux/net/ipv4/ip_output.c:323
NF_HOOK_COND linux/./include/linux/netfilter.h:303
ip_output+0x13b/0x2a0 linux/net/ipv4/ip_output.c:433
dst_output linux/./include/net/dst.h:451
ip_local_out linux/net/ipv4/ip_output.c:129
ip_send_skb+0x3e5/0x560 linux/net/ipv4/ip_output.c:1492
udp_send_skb+0x73f/0x1530 linux/net/ipv4/udp.c:963
udp_sendmsg+0x1a36/0x2b40 linux/net/ipv4/udp.c:1250
inet_sendmsg+0x105/0x140 linux/net/ipv4/af_inet.c:850
sock_sendmsg_nosec linux/net/socket.c:730
__sock_sendmsg linux/net/socket.c:745
__sys_sendto+0x42c/0x4e0 linux/net/socket.c:2191
__do_sys_sendto linux/net/socket.c:2203
__se_sys_sendto linux/net/socket.c:2199
__x64_sys_sendto+0xe0/0x1c0 linux/net/socket.c:2199
do_syscall_x64 linux/arch/x86/entry/common.c:52
do_syscall_
---truncated---

Published: 2024-05-30

Score: 8.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1149557d64c97dc9adf3103347a1c0e8c06d3b89`	affected	< e19ec8ab0e25bc4803d7cc91c84e84532e2781bd
`1149557d64c97dc9adf3103347a1c0e8c06d3b89`	affected	< 93bc2d6d16f2c3178736ba6b845b30475856dc40
`1149557d64c97dc9adf3103347a1c0e8c06d3b89`	affected	< 367766ff9e407f8a68409b7ce4dc4d5a72afeab1
`1149557d64c97dc9adf3103347a1c0e8c06d3b89`	affected	< 66116556076f0b96bc1aa9844008c743c8c67684
`1149557d64c97dc9adf3103347a1c0e8c06d3b89`	affected	< 21ea04aad8a0839b4ec27ef1691ca480620e8e14
`1149557d64c97dc9adf3103347a1c0e8c06d3b89`	affected	< ffd4917c1edb3c3ff334fce3704fbe9c39f35682
`1149557d64c97dc9adf3103347a1c0e8c06d3b89`	affected	< a0fbb26f8247e326a320e2cb4395bfb234332c90
`1149557d64c97dc9adf3103347a1c0e8c06d3b89`	affected	< 080cbb890286cd794f1ee788bbc5463e2deb7c2b

Linux

affected

Version	Status	Constraints
`4.1`	affected	—
`0`	unaffected	< 4.1
`4.19.314`	unaffected	≤ 4.19.*
`5.4.276`	unaffected	≤ 5.4.*
`5.10.217`	unaffected	≤ 5.10.*
`5.15.159`	unaffected	≤ 5.15.*
`6.1.91`	unaffected	≤ 6.1.*
`6.6.31`	unaffected	≤ 6.6.*
`6.8.10`	unaffected	≤ 6.8.*
`6.9`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc6::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:5102	2024-08-08T00:00:00Z
kernel-0:4.18.0-553.16.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:5101	2024-08-08T00:00:00Z
kpatch-patch	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:5522	2024-08-20T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
kernel-0:4.18.0-305.141.1.el8_4	cpe:/o:redhat:rhel_aus:8.4	RHSA-2024:7002	2024-09-24T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
kernel-rt-0:4.18.0-305.141.1.rt7.217.el8_4	cpe:/a:redhat:rhel_tus:8.4::nfv	RHSA-2024:7003	2024-09-24T00:00:00Z
kernel-0:4.18.0-305.141.1.el8_4	cpe:/o:redhat:rhel_tus:8.4	RHSA-2024:7002	2024-09-24T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
kernel-0:4.18.0-305.141.1.el8_4	cpe:/o:redhat:rhel_e4s:8.4	RHSA-2024:7002	2024-09-24T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_e4s:8.4	RHSA-2024:7427	2024-10-01T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
kernel-0:4.18.0-372.111.1.el8_6	cpe:/o:redhat:rhel_aus:8.6	RHSA-2024:4447	2024-07-10T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
kernel-0:4.18.0-372.111.1.el8_6	cpe:/o:redhat:rhel_tus:8.6	RHSA-2024:4447	2024-07-10T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
kernel-0:4.18.0-372.111.1.el8_6	cpe:/o:redhat:rhel_e4s:8.6	RHSA-2024:4447	2024-07-10T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_e4s:8.6	RHSA-2024:4547	2024-07-15T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
kernel-0:4.18.0-477.67.1.el8_8	cpe:/o:redhat:rhel_eus:8.8	RHSA-2024:5255	2024-08-13T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_eus:8.8	RHSA-2024:5520	2024-08-19T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-427.26.1.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:4583	2024-07-17T00:00:00Z
kernel-0:5.14.0-427.26.1.el9_4	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:4583	2024-07-17T00:00:00Z
kpatch-patch	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:4713	2024-07-23T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
kernel-0:5.14.0-70.112.1.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2024:5257	2024-08-13T00:00:00Z
kernel-rt-0:5.14.0-70.112.1.rt21.184.el9_0	cpe:/a:redhat:rhel_e4s:9.0::nfv	RHSA-2024:5256	2024-08-13T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_e4s:9.0	RHSA-2024:5858	2024-08-26T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
kernel-0:5.14.0-284.73.1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:4533	2024-07-15T00:00:00Z
kernel-rt-0:5.14.0-284.73.1.rt14.358.el9_2	cpe:/a:redhat:rhel_eus:9.2::nfv	RHSA-2024:4554	2024-07-15T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_eus:9.2	RHSA-2024:4548	2024-07-15T00:00:00Z

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-3840-1	linux security update
Debian DLA	DLA-3843-1	linux-5.10 security update
Debian DSA	DSA-5703-1	linux security update
Ubuntu USN	USN-6949-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6949-2	Linux kernel vulnerabilities
Ubuntu USN	USN-6950-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6950-2	Linux kernel vulnerabilities
Ubuntu USN	USN-6950-3	Linux kernel (Oracle) vulnerabilities
Ubuntu USN	USN-6950-4	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-6951-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6951-2	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-6951-3	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-6951-4	Linux kernel (BlueField) vulnerabilities
Ubuntu USN	USN-6952-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6953-1	Linux kernel (Oracle) vulnerabilities
Ubuntu USN	USN-6955-1	Linux kernel (OEM) vulnerabilities
Ubuntu USN	USN-6956-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-6957-1	Linux kernel (Oracle) vulnerabilities
Ubuntu USN	USN-6979-1	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-7019-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7332-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7332-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7332-3	Linux kernel vulnerabilities
Ubuntu USN	USN-7342-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7344-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7344-2	Linux kernel vulnerabilities

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00327.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://git.kernel.org/stable/c/080cbb890286cd794f1ee788bbc5463e2deb7c2b
https://git.kernel.org/stable/c/21ea04aad8a0839b4ec27ef1691ca480620e8e14
https://git.kernel.org/stable/c/367766ff9e407f8a68409b7ce4dc4d5a72afeab1
https://git.kernel.org/stable/c/66116556076f0b96bc1aa9844008c743c8c67684
https://git.kernel.org/stable/c/93bc2d6d16f2c3178736ba6b845b30475856dc40
https://git.kernel.org/stable/c/a0fbb26f8247e326a320e2cb4395bfb234332c90
https://git.kernel.org/stable/c/e19ec8ab0e25bc4803d7cc91c84e84532e2781bd
https://git.kernel.org/stable/c/ffd4917c1edb3c3ff334fce3704fbe9c39f35682
https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://lore.kernel.org/all/752f1ccf762223d109845365d07f55414058e5a3.1714484273.git.pabeni@redhat.com/
https://lore.kernel.org/linux-cve-announce/2024053033-CVE-2024-36886-dd83@gregkh/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2024-36886
https://security.netapp.com/advisory/ntap-20241018-0002/
https://www.cve.org/CVERecord?id=CVE-2024-36886

History

Thu, 22 Jan 2026 23:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Debian Debian debian Linux
CPEs		cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:linux:linux_kernel:6.9:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc6::::::
Vendors & Products		Debian Debian debian Linux

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.01025}`	epss `{'score': 0.01054}`

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.01019}`	epss `{'score': 0.01025}`

Fri, 11 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.02314}`	epss `{'score': 0.01019}`

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html https://security.netapp.com/advisory/ntap-20241018-0002/

Tue, 05 Nov 2024 10:45:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Fri, 18 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:4.1:-::::::
Vendors & Products		Linux Linux linux Kernel
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 24 Sep 2024 06:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_tus:8.4::nfv cpe:/o:redhat:rhel_aus:8.4 cpe:/o:redhat:rhel_e4s:8.4 cpe:/o:redhat:rhel_tus:8.4

Mon, 26 Aug 2024 19:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_e4s:9.0

Tue, 13 Aug 2024 22:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_e4s:9.0 cpe:/o:redhat:rhel_eus:8.8

Tue, 13 Aug 2024 06:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_e4s:9.0::nfv

Thu, 08 Aug 2024 23:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8::nfv cpe:/o:redhat:enterprise_linux:8

Subscriptions

Debian Debian Linux

Linux Linux Kernel

Redhat Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Tus

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-30T15:28:55.059Z

Updated: 2026-05-11T20:16:23.394Z

Reserved: 2024-05-30T15:25:07.065Z

Link: CVE-2024-36886

Vulnrichment

Updated: 2024-10-18T13:07:39.609Z

NVD

Status : Analyzed

Published: 2024-05-30T16:15:12.150

Modified: 2026-01-22T20:24:06.567

Link: CVE-2024-36886

Redhat

Severity : Important

Publid Date: 2024-06-06T00:00:00Z

Links: CVE-2024-36886 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-416

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object