tipc: fix UAF in error path
CVE-2024-36886
Summary
CVE-2024-36886 affects the Linux kernel and allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit it, and it specifically affects systems with the TIPC bearer enabled. The issue stems from a failure to validate that an object exists before performing operations on it; an attacker can leverage this to execute code in the context of the kernel. Linux has issued an update to correct this vulnerability. The articles mention no known exploitation or impact by ransomware groups.
Affected Version(s)
Linux 1149557d64c97dc9adf3103347a1c0e8c06d3b89
Linux 1149557d64c97dc9adf3103347a1c0e8c06d3b89 < 93bc2d6d16f2c3178736ba6b845b30475856dc40
Linux 1149557d64c97dc9adf3103347a1c0e8c06d3b89 < 367766ff9e407f8a68409b7ce4dc4d5a72afeab1
News Articles
CVE-2024-36886 - Linux Kernel Zero-Day Vulnerability - Rewterz
Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free when processing fragmented TIPC messages.
6 months ago
Linux Kernel TIPC Message Reassembly Use-After-Free Remote Code Execution Vulnerability [CVE-2024-36886]
CVE number = CVE-2024-36886 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but...
6 months ago
Timeline
- First article discovered by SystemTek
- Vulnerability published
- Vulnerability Reserved