CVE-2024-36903

As it was done in commit fc1092f51567 ("ipv4: Fix uninit-value access in __ipmakeskb()") for IPv4, check FLOWIFLAGKNOWNNH on fl6->flowi6flags instead of testing HDRINCL on the socket to avoid a race condition which causes uninit-value access.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36903.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

605b056d63302ae84eb136e88d4df49124bd5e0d

Fixed

59d74c843ebf46264c7903726cf6f2673a93b07a

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

d65ff2fe877c471aa6e79efa7bd8ff66e147c317

Fixed

40e5444a3ac315b60e94d82226b73cd82145d09e

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

2c9cefc142c1dc2759e19a92d3b2b3715e985beb

Fixed

a05c1ede50e9656f0752e523c7b54f3a3489e9a8

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

ea30388baebcce37fd594d425a65037ca35e59e8

Fixed

68c8ba16ab712eb709c6bab80ff151079d11d97a

Fixed

2367bf254f3a27ecc6e229afd7a8b0a1395f7be3

Fixed

4e13d3a9c25b7080f8a619f961e943fe08c2672c

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

165370522cc48127da564a08584a7391e6341908

Last affected

f394f690a30a5ec0413c62777a058eaf3d6e10d5

Last affected

0cf600ca1bdf1d52df977516ee6cee0cadb1f6b1

Last affected

02ed5700f40445af02d1c97db25ffc2d04971d9f

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36903.json"