Vulnerability in Linux
CVE-2024-36971
In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules a…
EPSS: 0.004 (63.9th percentile).
Affected products
- Linux — versions a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314, 4.6, 0
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on 2024-08-07. CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Public proof-of-concept exploits
References
- git.kernel.org/stable/c/051c0bde9f0450a2ec3d62a86d2a0d2fad117f13
- git.kernel.org/stable/c/db0082825037794c5dba9959c9de13ca34cc5e72
- git.kernel.org/stable/c/2295a7ef5c8c49241bff769e7826ef2582e532a6
- git.kernel.org/stable/c/eacb8b195579c174a6d3e12a9690b206eb7f28cf
- git.kernel.org/stable/c/81dd3c82a456b0015461754be7cb2693991421b4
- git.kernel.org/stable/c/5af198c387128a9d2ddd620b0f0803564a4d4508
- git.kernel.org/stable/c/b8af8e6118a6605f0e495a58d591ca94a85a50fc
- git.kernel.org/stable/c/92f1655aa2b2294d0b49925f3b875a634bd3b59e
Frequently asked questions
- What is CVE-2024-36971?
- CVE-2024-36971 is a vulnerability in Linux. Published 2024-06-10.
- Is CVE-2024-36971 known to be exploited?
- Yes. CVE-2024-36971 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2024-08-07), indicating it is being actively exploited. 5 public proof-of-concept repositories are indexed.