Linux kernel: Fix for UAF vulnerability in __dst_negative_advice()
Key Information
- Vendor
- Linux
- Status
- Linux
- Vendor
- CVE Published:
- 10 June 2024
Badges
Summary
The Linux kernel vulnerability CVE-2024-36971 has been exploited in the wild. This vulnerability affects the kernel's management of network routes, and it is a Use-After-Free (UAF) memory error. It allows for remote code execution with root privileges and has been used in targeted attacks. Google released an Android security patch addressing the vulnerability, which is actively exploited with indications of limited, targeted exploitation. This situation highlights the importance of prompt patching to protect against potential unauthorized access, control, and data breaches.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-36971 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Linux < 051c0bde9f04
Linux < a87cb3e48ee8
Linux < 2295a7ef5c8c
News Articles
Google Rolls Out Patch For Android Kernel Vulnerability
Google announced the company's August 2024 security patches for Android, including a high-severity zero-day vulnerability exploited in targeted attacks..
1 month ago
Google says Android zero-day was exploited in the wild
Google published information about an Android zero-day vulnerability tracked as CVE-2024-36971, which affects the Linux kernel.
1 month ago
Google patches 46 Android bugs, including exploited kernel flaw
CVE-2024-36971 could enable remote code execution due to a use-after-free error.
1 month ago
CVSS V3.1
Timeline
Vulnerability started trending.
- 👾
Exploit exists.
First article discovered by BleepingComputer
Vulnerability published.
Vulnerability Reserved.