critical
9.8
CWE
324
EPSS
0.044%
Advisory Published
CVE Published
Updated

CVE-2024-36031: keys: Fix overwrite of key expiration on instantiation

First published: Thu May 30 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. This causes a problem for DNS resolution as the expiration set by user-space is overwritten to TIME64_MAX, disabling further DNS updates. Fix this by restoring the condition that key_set_expiry is only called when the pre-parser sets a specific expiry.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
redhat/kernel<5.10.217
5.10.217
redhat/kernel<5.15.159
5.15.159
redhat/kernel<6.1.91
6.1.91
redhat/kernel<6.6.31
6.6.31
redhat/kernel<6.8.10
6.8.10
redhat/kernel<6.9.1
6.9.1
redhat/kernel<6.10
6.10
Linux Kernel>=5.10.206<5.10.217
Linux Kernel>=5.15.146<5.15.159
Linux Kernel>=6.1.70<6.1.91
Linux Kernel>=6.6.9<6.6.31
Linux Kernel>=6.7<6.8.10
Linux Kernel>=6.9<6.9.1
debian/linux
5.10.223-1
5.10.234-1
6.1.129-1
6.1.128-1
6.12.20-1
6.12.21-1

Remedy

https://git.kernel.org/stable/c/25777f3f4e1f371d16a594925f31e37ce07b6ec7

Remedy

https://git.kernel.org/stable/c/939a08bcd4334bad4b201e60bd0ae1f278d71d41

Remedy

https://git.kernel.org/stable/c/9da27fb65a14c18efd4473e2e82b76b53ba60252

Remedy

https://git.kernel.org/stable/c/ad2011ea787928b2accb5134f1e423b11fe80a8a

Remedy

https://git.kernel.org/stable/c/cc219cb8afbc40ec100c0de941047bb29373126a

Remedy

https://git.kernel.org/stable/c/e4519a016650e952ad9eb27937f8c447d5a4e06d

Remedy

https://git.kernel.org/stable/c/ed79b93f725cd0da39a265dc23d77add1527b9be

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-36031?

    The severity of CVE-2024-36031 is currently classified as high due to the potential impact on key expiration handling in the Linux kernel.

  • How do I fix CVE-2024-36031?

    To fix CVE-2024-36031, upgrade the Linux kernel to version 5.10.223-1 or later, or 5.15.159 or later, or install the recommended patches from your distribution.

  • Which Linux kernel versions are affected by CVE-2024-36031?

    CVE-2024-36031 affects multiple Linux kernel versions, including versions prior to 5.10.217, 5.15.159, 6.1.91, and others specified by your distribution.

  • What vulnerabilities are related to key management in the Linux kernel?

    CVE-2024-36031 is part of a series of vulnerabilities related to key management, specifically affecting key expiration functionality.

  • Is CVE-2024-36031 a remote exploit risk?

    CVE-2024-36031 does not directly involve remote exploitation but can affect systems that rely on proper key management, potentially leading to security risks.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203