CVE-2024-36971: Android Kernel Remote Code Execution Vulnerability
First published: Mon Jun 10 2024(Updated: )
Android contains an unspecified vulnerability in the kernel that allows for remote code execution. This vulnerability resides in Linux Kernel and could impact other products, including but not limited to Android OS.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | >=4.6<4.19.316 | |
| Linux Linux kernel | >=4.20<5.4.278 | |
| Linux Linux kernel | >=5.5<5.10.219 | |
| Linux Linux kernel | >=5.11<5.15.161 | |
| Linux Linux kernel | >=5.16<6.1.94 | |
| Linux Linux kernel | >=6.2<6.6.34 | |
| Linux Linux kernel | >=6.7<6.9.4 | |
| Google Android | ||
| redhat/kernel | <6.10 | 6.10 |
| F5 Traffix SDC | =5.2.0 | |
| Android kernel | ||
| debian/linux | 5.10.223-1 6.1.106-3 6.1.99-1 6.10.6-1 6.10.9-1 |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.bleepingcomputer.com/news/security/google-fixes-android-kernel-zero-day-exploited-in-targeted-attacks/
- https://www.theregister.com/2024/08/06/google_fixes_linux_kernal_rce/
- https://git.kernel.org/stable/c/051c0bde9f0450a2ec3d62a86d2a0d2fad117f13
- https://git.kernel.org/stable/c/2295a7ef5c8c49241bff769e7826ef2582e532a6
- https://git.kernel.org/stable/c/5af198c387128a9d2ddd620b0f0803564a4d4508
- https://git.kernel.org/stable/c/81dd3c82a456b0015461754be7cb2693991421b4
- https://git.kernel.org/stable/c/92f1655aa2b2294d0b49925f3b875a634bd3b59e
- https://git.kernel.org/stable/c/b8af8e6118a6605f0e495a58d591ca94a85a50fc
- https://git.kernel.org/stable/c/db0082825037794c5dba9959c9de13ca34cc5e72
- https://git.kernel.org/stable/c/eacb8b195579c174a6d3e12a9690b206eb7f28cf
- https://www.bleepingcomputer.com/news/security/cisa-warns-about-actively-exploited-apache-ofbiz-rce-flaw/
- https://launchpad.net/bugs/cve/CVE-2024-36971
- https://android.googlesource.com/kernel/common/+/41a05cfc0e471cea173345622375b672edd8ed3c
- https://android.googlesource.com/kernel/common/+/dd432c37afcddde2295aa3b3afc3ab293dbefaf8
- https://android.googlesource.com/kernel/common/+/079d4f3ff06b21f99aed51d8b22534bdfda5a134
- https://android.googlesource.com/kernel/common/+/3856ad0c3e3028d54c8dac960dec411e45c13146
- https://android.googlesource.com/kernel/common/+/51e48339d74bc7c4e94fd813fc3e61e0fc0c43ae
- https://android.googlesource.com/kernel/common/+/bda79d62f01fdd3398efe0886faa4eb6330889f6
- https://android.googlesource.com/kernel/common/+/b8932254b9b2f02620e96572fee9c615c1db2bc3
- https://android.googlesource.com/kernel/common/+/9b0dadc811eb0140a61734cde73498c1dd574fa1
- https://android.googlesource.com/kernel/common/+/9a84d60e35317c5799ebcbf1c6872f0a2b7d6006
- https://android.googlesource.com/kernel/common/+/bd2bcb81d4ebcffd4e56bb8dfe3e3d4c871928f5
- https://android.googlesource.com/kernel/common/+/a7462d7032e5ed971980180c6a5aadc8ad700331
- https://source.android.com/docs/security/bulletin/2024-08-01 (Advisory)
- https://access.redhat.com/security/cve/CVE-2024-36971
- https://lore.kernel.org/linux-cve-announce/20240610090330.1347021-2-lee@kernel.org/T
- https://access.redhat.com/errata/RHSA-2024:5102
- https://access.redhat.com/errata/RHSA-2024:5101
- https://access.redhat.com/errata/RHSA-2024:5256
- https://access.redhat.com/errata/RHSA-2024:5257
- https://access.redhat.com/errata/RHSA-2024:5255
- https://access.redhat.com/errata/RHSA-2024:5259
- https://access.redhat.com/errata/RHSA-2024:5261
- https://access.redhat.com/errata/RHSA-2024:5266
- https://access.redhat.com/errata/RHSA-2024:5282
- https://access.redhat.com/errata/RHSA-2024:5281
- https://access.redhat.com/errata/RHSA-2024:5365
- https://access.redhat.com/errata/RHSA-2024:5364
- https://access.redhat.com/errata/RHSA-2024:5363
- https://access.redhat.com/errata/RHSA-2024:5388
- https://access.redhat.com/errata/RHSA-2024:5519
- https://access.redhat.com/errata/RHSA-2024:5523
- https://access.redhat.com/errata/RHSA-2024:5521
- https://access.redhat.com/errata/RHSA-2024:5520
- https://access.redhat.com/errata/RHSA-2024:5200
- https://access.redhat.com/errata/RHSA-2024:5522
- https://access.redhat.com/errata/RHSA-2024:5582
- https://access.redhat.com/errata/RHSA-2024:5422
- https://access.redhat.com/errata/RHSA-2024:5433
- https://access.redhat.com/errata/RHSA-2024:5439
- https://access.redhat.com/errata/RHSA-2024:5444
- https://access.redhat.com/errata/RHSA-2024:5858
- https://therecord.media/android-zero-day-google-fix-august-patch
- https://bugzilla.redhat.com/show_bug.cgi?id=2292331
- https://my.f5.com/manage/s/article/K000140987
- https://source.android.com/docs/security/bulletin/2024-08-01,
- https://lore.kernel.org/linux-cve-announce/20240610090330.1347021-2-lee@kernel.org/T/#u
- https://nvd.nist.gov/vuln/detail/CVE-2024-36971
- https://git.kernel.org/linus/92f1655aa2b2294d0b49925f3b875a634bd3b59e
- https://security-tracker.debian.org/tracker/CVE-2024-36971
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971
- https://ubuntu.com/security/CVE-2024-36971
- agent/type
- agent/weakness
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-36971
- alias/CVE-2024-32896
- alias/CVE-2024-29748
- alias/CVE-2024-23350
- collector/the-register
- source/The Register
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- alias/CVE-2024-32113
- alias/CVE-2024-38856
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- agent/first-publish-date
- collector/nvd-cve
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/title
- collector/android-source
- source/Android
- collector/redhat-bugzilla
- source/Red Hat
- collector/f5-advisory
- source/F5
- agent/last-modified-date
- agent/severity
- agent/references
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/4.6
- version/linux linux kernel/4.20
- version/linux linux kernel/5.5
- version/linux linux kernel/5.11
- version/linux linux kernel/5.16
- version/linux linux kernel/6.2
- version/linux linux kernel/6.7
- vendor/google
- canonical/google android
- package-manager/redhat
- vendor/f5
- canonical/f5 traffix sdc
- version/f5 traffix sdc/5.2.0
- vendor/android
- canonical/android kernel
- package-manager/debian