CVE-2024-44986

ipv6: fix possible UAF in ip6_finish_output2()

Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in ip6_finish_output2() If skb_expand_head() returns NULL, skb has been freed and associated dst/idev could also have been freed. We need to hold rcu_read_lock() to make sure the dst and associated idev are alive.

References

Link	Tags
https://git.kernel.org/stable/c/e891b36de161fcd96f12ff83667473e5067b9037	patch
https://git.kernel.org/stable/c/3574d28caf9a09756ae87ad1ea096c6f47b6101e	patch
https://git.kernel.org/stable/c/6ab6bf731354a6fdbaa617d1ec194960db61cf3b	patch
https://git.kernel.org/stable/c/56efc253196751ece1fc535a5b582be127b0578a	patch
https://git.kernel.org/stable/c/da273b377ae0d9bd255281ed3c2adb228321687b	patch

Frequently Asked Questions

What is the severity of CVE-2024-44986?: CVE-2024-44986 has been scored as a high severity vulnerability.
How to fix CVE-2024-44986?: To fix CVE-2024-44986, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-44986 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-44986 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-44986?: CVE-2024-44986 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-416 – Use After Free

References

Frequently Asked Questions