tipc: fix UAF in error path
CVE-2024-36886
What is CVE-2024-36886?
The vulnerability identified as CVE-2024-36886 affects the Linux kernel and allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this vulnerability, and it specifically affects systems with the TIPC bearer enabled. The issue stems from the lack of validating the existence of an object prior to performing operations on the object, and an attacker can leverage this vulnerability to execute code in the context of the kernel. Linux has issued an update to correct this vulnerability. No known exploitation or impact by ransomware groups is mentioned in the articles.

Affected Version(s)
Linux 1149557d64c97dc9adf3103347a1c0e8c06d3b89
Linux 1149557d64c97dc9adf3103347a1c0e8c06d3b89 < 93bc2d6d16f2c3178736ba6b845b30475856dc40
Linux 1149557d64c97dc9adf3103347a1c0e8c06d3b89 < 367766ff9e407f8a68409b7ce4dc4d5a72afeab1
News Articles
CVE-2024-36886 - Linux Kernel Zero-Day Vulnerability - Rewterz
Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free when processing fragmented TIPC messages.
Linux Kernel TIPC Message Reassembly Use-After-Free Remote Code Execution Vulnerability [CVE-2024-36886]
CVE number = CVE-2024-36886 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but...
References
CVSS V3.1
Timeline
- First article discovered by SystemTek
Vulnerability published
Vulnerability Reserved