Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix potential uninit-value access in __ip6_make_skb() As it was done in commit fc1092f51567 ("ipv4: Fix uninit-value access in __ip_make_skb()") for IPv4, check FLOWI_FLAG_KNOWN_NH on fl6->flowi6_flags instead of testing HDRINCL on the socket to avoid a race condition which causes uninit-value access.

INFO

Published Date :

2024-05-30T15:29:04.866Z

Last Modified :

2026-01-19T12:17:45.894Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-36903 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-36903.

URL Resource
https://git.kernel.org/stable/c/2367bf254f3a27ecc6e229afd7a8b0a1395f7be3 cve-icon cve-icon
https://git.kernel.org/stable/c/40e5444a3ac315b60e94d82226b73cd82145d09e cve-icon cve-icon
https://git.kernel.org/stable/c/4e13d3a9c25b7080f8a619f961e943fe08c2672c cve-icon cve-icon
https://git.kernel.org/stable/c/59d74c843ebf46264c7903726cf6f2673a93b07a cve-icon cve-icon
https://git.kernel.org/stable/c/68c8ba16ab712eb709c6bab80ff151079d11d97a cve-icon cve-icon
https://git.kernel.org/stable/c/a05c1ede50e9656f0752e523c7b54f3a3489e9a8 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html cve-icon
https://lore.kernel.org/linux-cve-announce/2024053036-CVE-2024-36903-4a60@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-36903 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-36903 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact