CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append
First published: Thu May 30 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: tipc: fix a possible memleak in tipc_buf_append __skb_linearize() doesn't free the skb when it fails, so move '*buf = NULL' after __skb_linearize(), so that the skb can be freed on the err path.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <4.19.314 | 4.19.314 |
| redhat/kernel | <5.4.276 | 5.4.276 |
| redhat/kernel | <5.10.217 | 5.10.217 |
| redhat/kernel | <5.15.159 | 5.15.159 |
| redhat/kernel | <6.1.91 | 6.1.91 |
| redhat/kernel | <6.6.31 | 6.6.31 |
| redhat/kernel | <6.8.10 | 6.8.10 |
| redhat/kernel | <6.9 | 6.9 |
| Linux kernel | >=4.4.271<4.5 | |
| Linux kernel | >=4.9.271<4.10 | |
| Linux kernel | >=4.14.235<4.15 | |
| Linux kernel | >=4.19.193<4.19.314 | |
| Linux kernel | >=5.4.124<5.4.276 | |
| Linux kernel | >=5.10.42<5.10.217 | |
| Linux kernel | >=5.12.9<5.15.159 | |
| Linux kernel | >=5.16<6.1.91 | |
| Linux kernel | >=6.2<6.6.31 | |
| Linux kernel | >=6.7<6.8.10 | |
| Linux kernel | =6.9-rc1 | |
| Linux kernel | =6.9-rc2 | |
| Linux kernel | =6.9-rc3 | |
| Linux kernel | =6.9-rc4 | |
| Linux kernel | =6.9-rc5 | |
| Linux kernel | =6.9-rc6 | |
| Debian | =10.0 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.16-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/01cd1b7b685751ee422d00d050292a3d277652d6
- https://git.kernel.org/stable/c/2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae
- https://git.kernel.org/stable/c/3210d34fda4caff212cb53729e6bd46de604d565
- https://git.kernel.org/stable/c/42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c
- https://git.kernel.org/stable/c/614c5a5ae45a921595952117b2e2bd4d4bf9b574
- https://git.kernel.org/stable/c/97bf6f81b29a8efaf5d0983251a7450e5794370d
- https://git.kernel.org/stable/c/adbce6d20da6254c86425a8d4359b221b5ccbccd
- https://git.kernel.org/stable/c/d03a82f4f8144befdc10518e732e2a60b34c870e
- https://launchpad.net/bugs/cve/CVE-2024-36954
- https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954
- https://nvd.nist.gov/vuln/detail/CVE-2024-36954
- https://security-tracker.debian.org/tracker/CVE-2024-36954
- https://ubuntu.com/security/CVE-2024-36954
- https://git.kernel.org/linus/97bf6f81b29a8efaf5d0983251a7450e5794370d
- https://access.redhat.com/security/cve/CVE-2024-36954
- https://lore.kernel.org/linux-cve-announce/2024053040-CVE-2024-36954-b1b8@gregkh/T
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2284591
- https://access.redhat.com/errata/RHSA-2024:5102
- https://access.redhat.com/errata/RHSA-2024:5101
- https://access.redhat.com/errata/RHSA-2025:1658
- https://bugzilla.redhat.com/show_bug.cgi?id=2284590
Frequently Asked Questions
What is the severity of CVE-2024-36954?
CVE-2024-36954 is classified as a potential memory leak vulnerability in the Linux kernel.
How do I fix CVE-2024-36954?
To mitigate CVE-2024-36954, upgrade to the latest kernel versions such as 4.19.314, 5.4.276, 5.10.217, 5.15.159, 6.1.91, 6.6.31, and 6.8.10 as recommended for Red Hat and Debian systems.
Which versions of the Linux kernel are affected by CVE-2024-36954?
CVE-2024-36954 affects various versions of the Linux kernel including versions prior to 4.19.314, 5.4.276, 5.10.217, 5.15.159, 6.1.91, 6.6.31 and numerous earlier versions.
Is CVE-2024-36954 specific to any Linux distributions?
CVE-2024-36954 impacts multiple Linux distributions such as Red Hat and Debian, as it is a Linux kernel vulnerability.
What triggers the vulnerability CVE-2024-36954?
The vulnerability CVE-2024-36954 is triggered when the __skb_linearize() function in the Linux kernel fails and does not properly free the skb.
- agent/title
- agent/type
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/launchpad-cve
- source/Launchpad
- agent/first-publish-date
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/severity
- agent/weakness
- agent/remedy
- agent/source
- collector/usn-cve
- source/Ubuntu
- agent/last-modified-date
- agent/references
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-36954
- agent/software-canonical-lookup
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.4.271
- version/linux kernel/4.9.271
- version/linux kernel/4.14.235
- version/linux kernel/4.19.193
- version/linux kernel/5.4.124
- version/linux kernel/5.10.42
- version/linux kernel/5.12.9
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.9-rc1
- version/linux kernel/6.9-rc2
- version/linux kernel/6.9-rc3
- version/linux kernel/6.9-rc4
- version/linux kernel/6.9-rc5
- version/linux kernel/6.9-rc6
- vendor/debian
- canonical/debian
- version/debian/10.0
- package-manager/debian