{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-36288","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-06-21T11:16:40.621Z","datePublished":"2024-06-21T11:18:46.152Z","dateUpdated":"2025-11-04T17:21:10.146Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-06-19T12:39:18.733Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix loop termination condition in gss_free_in_token_pages()\n\nThe in_token->pages[] array is not NULL terminated. This results in\nthe following KASAN splat:\n\n  KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/sunrpc/auth_gss/svcauth_gss.c"],"versions":[{"version":"ab8466d4e26806a4ae82c282762c4545eecf45ef","lessThan":"57ff6c0a175930856213b2aa39f8c845a53e5b1c","status":"affected","versionType":"git"},{"version":"4420b73c7f26fd5fcb37bbce5313dd356ef1b3ca","lessThan":"6ed45d20d30005bed94c8c527ce51d5ad8121018","status":"affected","versionType":"git"},{"version":"f148a95f68c66c1b097391b68e153d5a46f0e780","lessThan":"4cefcd0af7458bdeff56a9d8dfc6868ce23d128a","status":"affected","versionType":"git"},{"version":"fe0b474974fee7af1df286e0edd5a1460c811865","lessThan":"b4878ea99f2b40ef1925720b1b4ca7f4af1ba785","status":"affected","versionType":"git"},{"version":"c1d8c429e4d2ce85ec5c92cf71cb419baf75c56f","lessThan":"af628d43a822b78ad8d4a58d8259f8bf8bc71115","status":"affected","versionType":"git"},{"version":"8ca148915670a2921afcc255af9e1dc80f37b052","lessThan":"0a1cb0c6102bb4fd310243588d39461da49497ad","status":"affected","versionType":"git"},{"version":"bafa6b4d95d97877baa61883ff90f7e374427fae","lessThan":"4a77c3dead97339478c7422eb07bf4bf63577008","status":"affected","versionType":"git"},{"version":"a3c1afd5d7ad59e34a275d80c428952f83c8c1f0","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/sunrpc/auth_gss/svcauth_gss.c"],"versions":[{"version":"6.9.3","lessThan":"6.9.4","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9.3","versionEndExcluding":"6.9.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8.12"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c"},{"url":"https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018"},{"url":"https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a"},{"url":"https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785"},{"url":"https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115"},{"url":"https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad"},{"url":"https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008"}],"title":"SUNRPC: Fix loop termination condition in gss_free_in_token_pages()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-21T13:05:00.955390Z","id":"CVE-2024-36288","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-21T13:05:08.602Z"}},{"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T17:21:10.146Z"}}]},"dataVersion":"5.2"}