{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-36971","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-30T15:25:07.082Z","datePublished":"2024-06-10T09:03:23.878Z","dateUpdated":"2026-05-11T20:18:09.088Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T20:18:09.088Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix __dst_negative_advice() race\n\n__dst_negative_advice() does not enforce proper RCU rules when\nsk->dst_cache must be cleared, leading to possible UAF.\n\nRCU rules are that we must first clear sk->sk_dst_cache,\nthen call dst_release(old_dst).\n\nNote that sk_dst_reset(sk) is implementing this protocol correctly,\nwhile __dst_negative_advice() uses the wrong order.\n\nGiven that ip6_negative_advice() has special logic\nagainst RTF_CACHE, this means each of the three ->negative_advice()\nexisting methods must perform the sk_dst_reset() themselves.\n\nNote the check against NULL dst is centralized in\n__dst_negative_advice(), there is no need to duplicate\nit in various callbacks.\n\nMany thanks to Clement Lecigne for tracking this issue.\n\nThis old bug became visible after the blamed commit, using UDP sockets."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["include/net/dst_ops.h","include/net/sock.h","net/ipv4/route.c","net/ipv6/route.c","net/xfrm/xfrm_policy.c"],"versions":[{"version":"a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314","lessThan":"051c0bde9f0450a2ec3d62a86d2a0d2fad117f13","status":"affected","versionType":"git"},{"version":"a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314","lessThan":"db0082825037794c5dba9959c9de13ca34cc5e72","status":"affected","versionType":"git"},{"version":"a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314","lessThan":"2295a7ef5c8c49241bff769e7826ef2582e532a6","status":"affected","versionType":"git"},{"version":"a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314","lessThan":"eacb8b195579c174a6d3e12a9690b206eb7f28cf","status":"affected","versionType":"git"},{"version":"a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314","lessThan":"81dd3c82a456b0015461754be7cb2693991421b4","status":"affected","versionType":"git"},{"version":"a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314","lessThan":"5af198c387128a9d2ddd620b0f0803564a4d4508","status":"affected","versionType":"git"},{"version":"a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314","lessThan":"b8af8e6118a6605f0e495a58d591ca94a85a50fc","status":"affected","versionType":"git"},{"version":"a87cb3e48ee86d29868d3f59cfb9ce1a8fa63314","lessThan":"92f1655aa2b2294d0b49925f3b875a634bd3b59e","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["include/net/dst_ops.h","include/net/sock.h","net/ipv4/route.c","net/ipv6/route.c","net/xfrm/xfrm_policy.c"],"versions":[{"version":"4.6","status":"affected"},{"version":"0","lessThan":"4.6","status":"unaffected","versionType":"semver"},{"version":"4.19.316","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.278","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.219","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.161","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.94","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.34","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.9.4","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6","versionEndExcluding":"4.19.316"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6","versionEndExcluding":"5.4.278"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6","versionEndExcluding":"5.10.219"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6","versionEndExcluding":"5.15.161"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6","versionEndExcluding":"6.1.94"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6","versionEndExcluding":"6.6.34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6","versionEndExcluding":"6.9.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6","versionEndExcluding":"6.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/051c0bde9f0450a2ec3d62a86d2a0d2fad117f13"},{"url":"https://git.kernel.org/stable/c/db0082825037794c5dba9959c9de13ca34cc5e72"},{"url":"https://git.kernel.org/stable/c/2295a7ef5c8c49241bff769e7826ef2582e532a6"},{"url":"https://git.kernel.org/stable/c/eacb8b195579c174a6d3e12a9690b206eb7f28cf"},{"url":"https://git.kernel.org/stable/c/81dd3c82a456b0015461754be7cb2693991421b4"},{"url":"https://git.kernel.org/stable/c/5af198c387128a9d2ddd620b0f0803564a4d4508"},{"url":"https://git.kernel.org/stable/c/b8af8e6118a6605f0e495a58d591ca94a85a50fc"},{"url":"https://git.kernel.org/stable/c/92f1655aa2b2294d0b49925f3b875a634bd3b59e"}],"title":"net: fix __dst_negative_advice() race","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/051c0bde9f0450a2ec3d62a86d2a0d2fad117f13","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/db0082825037794c5dba9959c9de13ca34cc5e72","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/2295a7ef5c8c49241bff769e7826ef2582e532a6","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/eacb8b195579c174a6d3e12a9690b206eb7f28cf","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/81dd3c82a456b0015461754be7cb2693991421b4","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/5af198c387128a9d2ddd620b0f0803564a4d4508","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/b8af8e6118a6605f0e495a58d591ca94a85a50fc","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/92f1655aa2b2294d0b49925f3b875a634bd3b59e","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T17:21:17.010Z"}},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.8,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"id":"CVE-2024-36971","role":"CISA Coordinator","options":[{"Exploitation":"active"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-08-08T03:55:25.565547Z"}}},{"other":{"type":"kev","content":{"dateAdded":"2024-08-07","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-36971"}}}],"affected":[{"cpes":["cpe:2.3:o:linux:linux_kernel:4.6:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"affected","version":"4.6"}],"defaultStatus":"affected"},{"cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"affected","version":"a87cb3e48ee8","lessThan":"051c0bde9f04","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"db0082825037","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"2295a7ef5c8c","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"eacb8b195579","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"81dd3c82a456","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"5af198c38712","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"b8af8e6118a6","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"92f1655aa2b2","versionType":"git"}],"defaultStatus":"unaffected"},{"cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"affected","version":"a87cb3e48ee8","lessThan":"051c0bde9f04","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"db0082825037","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"2295a7ef5c8c","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"eacb8b195579","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"81dd3c82a456","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"5af198c38712","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"b8af8e6118a6","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"92f1655aa2b2","versionType":"git"}],"defaultStatus":"unaffected"},{"cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"affected","version":"a87cb3e48ee8","lessThan":"051c0bde9f04","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"db0082825037","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"2295a7ef5c8c","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"eacb8b195579","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"81dd3c82a456","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"5af198c38712","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"b8af8e6118a6","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"92f1655aa2b2","versionType":"git"}],"defaultStatus":"unaffected"},{"cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"affected","version":"a87cb3e48ee8","lessThan":"051c0bde9f04","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"db0082825037","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"2295a7ef5c8c","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"eacb8b195579","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"81dd3c82a456","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"5af198c38712","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"b8af8e6118a6","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"92f1655aa2b2","versionType":"git"}],"defaultStatus":"unaffected"},{"cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"affected","version":"a87cb3e48ee8","lessThan":"051c0bde9f04","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"db0082825037","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"2295a7ef5c8c","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"eacb8b195579","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"81dd3c82a456","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"5af198c38712","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"b8af8e6118a6","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"92f1655aa2b2","versionType":"git"}],"defaultStatus":"unaffected"},{"cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"affected","version":"a87cb3e48ee8","lessThan":"051c0bde9f04","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"db0082825037","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"2295a7ef5c8c","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"eacb8b195579","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"81dd3c82a456","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"5af198c38712","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"b8af8e6118a6","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"92f1655aa2b2","versionType":"git"}],"defaultStatus":"unaffected"},{"cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"affected","version":"a87cb3e48ee8","lessThan":"051c0bde9f04","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"db0082825037","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"2295a7ef5c8c","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"eacb8b195579","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"81dd3c82a456","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"5af198c38712","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"b8af8e6118a6","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"92f1655aa2b2","versionType":"git"}],"defaultStatus":"unaffected"},{"cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"affected","version":"a87cb3e48ee8","lessThan":"051c0bde9f04","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"db0082825037","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"2295a7ef5c8c","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"eacb8b195579","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"81dd3c82a456","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"5af198c38712","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"b8af8e6118a6","versionType":"git"},{"status":"affected","version":"a87cb3e48ee8","lessThan":"92f1655aa2b2","versionType":"git"}],"defaultStatus":"unaffected"},{"cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"unaffected","version":"0","lessThan":"4.6","versionType":"custom"}],"defaultStatus":"affected"},{"cpes":["cpe:2.3:o:linux:linux_kernel:4.19.316:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"unaffected","version":"4.19.316","lessThan":"4.20","versionType":"custom"}],"defaultStatus":"affected"},{"cpes":["cpe:2.3:o:linux:linux_kernel:5.4.278:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"unaffected","version":"5.4.278","lessThan":"5.5","versionType":"custom"}],"defaultStatus":"affected"},{"cpes":["cpe:2.3:o:linux:linux_kernel:5.10.219:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"unaffected","version":"5.10.219","lessThan":"5.11","versionType":"custom"}],"defaultStatus":"affected"},{"cpes":["cpe:2.3:o:linux:linux_kernel:5.15.161:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"unaffected","version":"5.15.161","lessThan":"5.16","versionType":"custom"}],"defaultStatus":"affected"},{"cpes":["cpe:2.3:o:linux:linux_kernel:6.1.94:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"unaffected","version":"6.1.94","lessThan":"6.2","versionType":"custom"}],"defaultStatus":"affected"},{"cpes":["cpe:2.3:o:linux:linux_kernel:6.6.34:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"unaffected","version":"6.6.34","lessThan":"6.7","versionType":"custom"}],"defaultStatus":"affected"},{"cpes":["cpe:2.3:o:linux:linux_kernel:6.9.4:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"unaffected","version":"6.9.4","lessThan":"6.10","versionType":"custom"}],"defaultStatus":"affected"},{"cpes":["cpe:2.3:o:linux:linux_kernel:6.10:*:*:*:*:*:*:*"],"vendor":"linux","product":"linux_kernel","versions":[{"status":"unaffected","version":"6.10","versionType":"custom","lessThanOrEqual":"*"}],"defaultStatus":"affected"}],"references":[{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-36971","tags":["government-resource"]}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-416","description":"CWE-416 Use After Free"}]}],"timeline":[{"time":"2024-08-07T00:00:00.000Z","lang":"en","value":"CVE-2024-36971 added to CISA KEV"}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-21T22:56:22.761Z"}}]},"dataVersion":"5.2"}