exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2024-36886

Status Candidate

Overview

In the Linux kernel, the following vulnerability has been resolved: tipc: fix UAF in error path Sam Page (sam4k) working with Trend Micro Zero Day Initiative reported a UAF in the tipc_buf_append() error path: BUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:1183 Read of size 8 at addr ffff88804d2a7c80 by task poc/8034 CPU: 1 PID: 8034 Comm: poc Not tainted 6.8.2 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014 Call Trace: <IRQ> __dump_stack linux/lib/dump_stack.c:88 dump_stack_lvl+0xd9/0x1b0 linux/lib/dump_stack.c:106 print_address_description linux/mm/kasan/report.c:377 print_report+0xc4/0x620 linux/mm/kasan/report.c:488 kasan_report+0xda/0x110 linux/mm/kasan/report.c:601 kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:1183 skb_release_data+0x5af/0x880 linux/net/core/skbuff.c:1026 skb_release_all linux/net/core/skbuff.c:1094 __kfree_skb linux/net/core/skbuff.c:1108 kfree_skb_reason+0x12d/0x210 linux/net/core/skbuff.c:1144 kfree_skb linux/./include/linux/skbuff.h:1244 tipc_buf_append+0x425/0xb50 linux/net/tipc/msg.c:186 tipc_link_input+0x224/0x7c0 linux/net/tipc/link.c:1324 tipc_link_rcv+0x76e/0x2d70 linux/net/tipc/link.c:1824 tipc_rcv+0x45f/0x10f0 linux/net/tipc/node.c:2159 tipc_udp_recv+0x73b/0x8f0 linux/net/tipc/udp_media.c:390 udp_queue_rcv_one_skb+0xad2/0x1850 linux/net/ipv4/udp.c:2108 udp_queue_rcv_skb+0x131/0xb00 linux/net/ipv4/udp.c:2186 udp_unicast_rcv_skb+0x165/0x3b0 linux/net/ipv4/udp.c:2346 __udp4_lib_rcv+0x2594/0x3400 linux/net/ipv4/udp.c:2422 ip_protocol_deliver_rcu+0x30c/0x4e0 linux/net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x2e4/0x520 linux/net/ipv4/ip_input.c:233 NF_HOOK linux/./include/linux/netfilter.h:314 NF_HOOK linux/./include/linux/netfilter.h:308 ip_local_deliver+0x18e/0x1f0 linux/net/ipv4/ip_input.c:254 dst_input linux/./include/net/dst.h:461 ip_rcv_finish linux/net/ipv4/ip_input.c:449 NF_HOOK linux/./include/linux/netfilter.h:314 NF_HOOK linux/./include/linux/netfilter.h:308 ip_rcv+0x2c5/0x5d0 linux/net/ipv4/ip_input.c:569 __netif_receive_skb_one_core+0x199/0x1e0 linux/net/core/dev.c:5534 __netif_receive_skb+0x1f/0x1c0 linux/net/core/dev.c:5648 process_backlog+0x101/0x6b0 linux/net/core/dev.c:5976 __napi_poll.constprop.0+0xba/0x550 linux/net/core/dev.c:6576 napi_poll linux/net/core/dev.c:6645 net_rx_action+0x95a/0xe90 linux/net/core/dev.c:6781 __do_softirq+0x21f/0x8e7 linux/kernel/softirq.c:553 do_softirq linux/kernel/softirq.c:454 do_softirq+0xb2/0xf0 linux/kernel/softirq.c:441 </IRQ> <TASK> __local_bh_enable_ip+0x100/0x120 linux/kernel/softirq.c:381 local_bh_enable linux/./include/linux/bottom_half.h:33 rcu_read_unlock_bh linux/./include/linux/rcupdate.h:851 __dev_queue_xmit+0x871/0x3ee0 linux/net/core/dev.c:4378 dev_queue_xmit linux/./include/linux/netdevice.h:3169 neigh_hh_output linux/./include/net/neighbour.h:526 neigh_output linux/./include/net/neighbour.h:540 ip_finish_output2+0x169f/0x2550 linux/net/ipv4/ip_output.c:235 __ip_finish_output linux/net/ipv4/ip_output.c:313 __ip_finish_output+0x49e/0x950 linux/net/ipv4/ip_output.c:295 ip_finish_output+0x31/0x310 linux/net/ipv4/ip_output.c:323 NF_HOOK_COND linux/./include/linux/netfilter.h:303 ip_output+0x13b/0x2a0 linux/net/ipv4/ip_output.c:433 dst_output linux/./include/net/dst.h:451 ip_local_out linux/net/ipv4/ip_output.c:129 ip_send_skb+0x3e5/0x560 linux/net/ipv4/ip_output.c:1492 udp_send_skb+0x73f/0x1530 linux/net/ipv4/udp.c:963 udp_sendmsg+0x1a36/0x2b40 linux/net/ipv4/udp.c:1250 inet_sendmsg+0x105/0x140 linux/net/ipv4/af_inet.c:850 sock_sendmsg_nosec linux/net/socket.c:730 __sock_sendmsg linux/net/socket.c:745 __sys_sendto+0x42c/0x4e0 linux/net/socket.c:2191 __do_sys_sendto linux/net/socket.c:2203 __se_sys_sendto linux/net/socket.c:2199 __x64_sys_sendto+0xe0/0x1c0 linux/net/socket.c:2199 do_syscall_x64 linux/arch/x86/entry/common.c:52 do_syscall_ ---truncated---

Related Files

Ubuntu Security Notice USN-6951-4
Posted Aug 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6951-4 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2022-48674, CVE-2023-52434, CVE-2023-52752, CVE-2024-27398, CVE-2024-27401, CVE-2024-31076, CVE-2024-33621, CVE-2024-35947, CVE-2024-35976, CVE-2024-36014, CVE-2024-36015, CVE-2024-36286, CVE-2024-36883, CVE-2024-36886
SHA-256 | 2e3a6db3903dd7ff1828623ddc100aac2e91d93abaa3a75a243873864d1eb7e3
Download | Favorite | View
Ubuntu Security Notice USN-6951-3
Posted Aug 20, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6951-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2022-48674, CVE-2023-52434, CVE-2023-52752, CVE-2024-27398, CVE-2024-27401, CVE-2024-31076, CVE-2024-33621, CVE-2024-35947, CVE-2024-35976, CVE-2024-36014, CVE-2024-36015, CVE-2024-36286, CVE-2024-36883, CVE-2024-36886
SHA-256 | 8c1f01b0663bf22998e19385fae707029ea2e6973bc55394b2ca20ee8e51eff8
Download | Favorite | View
Red Hat Security Advisory 2024-5522-03
Posted Aug 20, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-5522-03 - An update for kpatch-patch-4_18_0-553 is now available for Red Hat Enterprise Linux 8. Issues addressed include code execution and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2024-36886
SHA-256 | fb6e130eed7b5470eb310f3676f417fc4e754b5131b900c3a4bbebce9702726b
Download | Favorite | View
Red Hat Security Advisory 2024-5520-03
Posted Aug 19, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-5520-03 - An update for kpatch-patch-4_18_0-477_43_1 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include code execution and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2024-36886
SHA-256 | af941450067aaa3f2d507b96cadce037c33d169c5ad83a57140002bc74eca61b
Download | Favorite | View
Ubuntu Security Notice USN-6951-2
Posted Aug 15, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6951-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2022-48674, CVE-2023-52434, CVE-2023-52752, CVE-2024-27398, CVE-2024-27401, CVE-2024-31076, CVE-2024-33621, CVE-2024-35947, CVE-2024-35976, CVE-2024-36014, CVE-2024-36015, CVE-2024-36286, CVE-2024-36883, CVE-2024-36886
SHA-256 | 40333bcb6bfcef7ef0b04b1f7dd14dc7bd1927d82916fa3e2c056ec935a480dd
Download | Favorite | View
Ubuntu Security Notice USN-6951-1
Posted Aug 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6951-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2022-48674, CVE-2023-52434, CVE-2023-52752, CVE-2024-27398, CVE-2024-27401, CVE-2024-31076, CVE-2024-33621, CVE-2024-35947, CVE-2024-35976, CVE-2024-36014, CVE-2024-36015, CVE-2024-36286, CVE-2024-36883, CVE-2024-36886
SHA-256 | 1b2472c9b386990fb946c9155e64b258ce63d178132ad4b837e17958bee5634b
Download | Favorite | View
Red Hat Security Advisory 2024-4713-03
Posted Jul 23, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4713-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2024-36886
SHA-256 | 3a72ee436dc05f0c47719e8dbc954c6eb8dec748f207f0ae84336bb6fd1420e9
Download | Favorite | View
Red Hat Security Advisory 2024-4548-03
Posted Jul 15, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4548-03 - An update for kpatch-patch-5_14_0-284_48_1 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2024-36886
SHA-256 | 02a7b186977875e0481b94879a9e3ee9a773dfb00ca93400493d8c2128f78bd7
Download | Favorite | View
Red Hat Security Advisory 2024-4547-03
Posted Jul 15, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4547-03 - An update for kpatch-patch-4_18_0-372_91_1 is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions. Issues addressed include code execution and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2024-36886
SHA-256 | 41b46b9646256aac9fee4111f03d403e16f5a9684a0f9b6ff256200b3bd60ab4
Download | Favorite | View
Debian Security Advisory 5703-1
Posted Jun 3, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5703-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2022-48655, CVE-2023-52585, CVE-2023-52882, CVE-2024-26900, CVE-2024-27398, CVE-2024-27399, CVE-2024-27401, CVE-2024-35848, CVE-2024-35947, CVE-2024-36017, CVE-2024-36031, CVE-2024-36883, CVE-2024-36886, CVE-2024-36889
SHA-256 | 1476333bf5c1e2baed03920f541d970630980c5dab7ff43468471a8a13244d8e
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

August 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    15 Files
  • 2
    Aug 2nd
    22 Files
  • 3
    Aug 3rd
    0 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    11 Files
  • 7
    Aug 7th
    43 Files
  • 8
    Aug 8th
    42 Files
  • 9
    Aug 9th
    36 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    27 Files
  • 13
    Aug 13th
    18 Files
  • 14
    Aug 14th
    50 Files
  • 15
    Aug 15th
    33 Files
  • 16
    Aug 16th
    23 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    43 Files
  • 20
    Aug 20th
    29 Files
  • 21
    Aug 21st
    42 Files
  • 22
    Aug 22nd
    26 Files
  • 23
    Aug 23rd
    25 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close