CVE-2024-36031
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-36031
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36031.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-36031
- Downstream
- Related
- Published
- 2024-05-30T15:23:46.831Z
- Modified
- 2025-11-20T05:08:02.762949Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- keys: Fix overwrite of key expiration on instantiation
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
keys: Fix overwrite of key expiration on instantiation
The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. This causes a problem for DNS resolution as the expiration set by user-space is overwritten to TIME64MAX, disabling further DNS updates. Fix this by restoring the condition that keyset_expiry is only called when the pre-parser sets a specific expiry.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/25777f3f4e1f371d16a594925f31e37ce07b6ec7
- https://git.kernel.org/stable/c/939a08bcd4334bad4b201e60bd0ae1f278d71d41
- https://git.kernel.org/stable/c/9da27fb65a14c18efd4473e2e82b76b53ba60252
- https://git.kernel.org/stable/c/ad2011ea787928b2accb5134f1e423b11fe80a8a
- https://git.kernel.org/stable/c/cc219cb8afbc40ec100c0de941047bb29373126a
- https://git.kernel.org/stable/c/e4519a016650e952ad9eb27937f8c447d5a4e06d
- https://git.kernel.org/stable/c/ed79b93f725cd0da39a265dc23d77add1527b9be
- https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced97be1e865e70e5a0ad0a5b5f5dca5031ca0b53acFixedad2011ea787928b2accb5134f1e423b11fe80a8a
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced2552b32b0b349df160a509fe49f5f308cb922f2bFixeded79b93f725cd0da39a265dc23d77add1527b9be
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced791d5409cdb974c31a1bc7a903ea729ddc7d83dfFixede4519a016650e952ad9eb27937f8c447d5a4e06d
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedafc360e8a1256acb7579a6f5b6f2c30b85b39301Fixed25777f3f4e1f371d16a594925f31e37ce07b6ec7
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced39299bdd2546688d92ed9db4948f6219ca1b9542Fixed939a08bcd4334bad4b201e60bd0ae1f278d71d41
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced39299bdd2546688d92ed9db4948f6219ca1b9542Fixedcc219cb8afbc40ec100c0de941047bb29373126a
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced39299bdd2546688d92ed9db4948f6219ca1b9542Fixed9da27fb65a14c18efd4473e2e82b76b53ba60252
Affected versions
v5.*
v5.10.206
v5.10.207
v5.10.208
v5.10.209
v5.10.210
v5.10.211
v5.10.212
v5.10.213
v5.10.214
v5.10.215
v5.10.216
v5.15.146
v5.15.147
v5.15.148
v5.15.149
v5.15.150
v5.15.151
v5.15.152
v5.15.153
v5.15.154
v5.15.155
v5.15.156
v5.15.157
v5.15.158
v6.*
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.85
v6.1.86
v6.1.87
v6.1.88
v6.1.89
v6.1.90
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.30
v6.6.9
v6.7
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "security/keys/key.c"
},
"digest": {
"line_hashes": [
"70999738566349864358701528333539681836",
"12463220382068603052640400060896719903",
"166097772629778503769949273095446592747",
"301429821010209408577146139796736170317"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ed79b93f725cd0da39a265dc23d77add1527b9be",
"signature_version": "v1",
"id": "CVE-2024-36031-26ac5217"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "security/keys/key.c",
"function": "__key_instantiate_and_link"
},
"digest": {
"length": 901.0,
"function_hash": "318303615909168838032499862699215866474"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cc219cb8afbc40ec100c0de941047bb29373126a",
"signature_version": "v1",
"id": "CVE-2024-36031-38b943e3"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "security/keys/key.c",
"function": "__key_instantiate_and_link"
},
"digest": {
"length": 901.0,
"function_hash": "318303615909168838032499862699215866474"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@939a08bcd4334bad4b201e60bd0ae1f278d71d41",
"signature_version": "v1",
"id": "CVE-2024-36031-67412879"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "security/keys/key.c",
"function": "__key_instantiate_and_link"
},
"digest": {
"length": 901.0,
"function_hash": "318303615909168838032499862699215866474"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ed79b93f725cd0da39a265dc23d77add1527b9be",
"signature_version": "v1",
"id": "CVE-2024-36031-8edbf0a8"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "security/keys/key.c",
"function": "__key_instantiate_and_link"
},
"digest": {
"length": 901.0,
"function_hash": "318303615909168838032499862699215866474"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e4519a016650e952ad9eb27937f8c447d5a4e06d",
"signature_version": "v1",
"id": "CVE-2024-36031-8f5dd268"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "security/keys/key.c"
},
"digest": {
"line_hashes": [
"70999738566349864358701528333539681836",
"12463220382068603052640400060896719903",
"166097772629778503769949273095446592747",
"301429821010209408577146139796736170317"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e4519a016650e952ad9eb27937f8c447d5a4e06d",
"signature_version": "v1",
"id": "CVE-2024-36031-a68fe180"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "security/keys/key.c"
},
"digest": {
"line_hashes": [
"70999738566349864358701528333539681836",
"12463220382068603052640400060896719903",
"166097772629778503769949273095446592747",
"301429821010209408577146139796736170317"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cc219cb8afbc40ec100c0de941047bb29373126a",
"signature_version": "v1",
"id": "CVE-2024-36031-cc981de7"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "security/keys/key.c"
},
"digest": {
"line_hashes": [
"70999738566349864358701528333539681836",
"12463220382068603052640400060896719903",
"166097772629778503769949273095446592747",
"301429821010209408577146139796736170317"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@939a08bcd4334bad4b201e60bd0ae1f278d71d41",
"signature_version": "v1",
"id": "CVE-2024-36031-e85ae970"
}
]
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.217
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.159
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.91
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.31
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.8.10
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.9.1