CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append
In the Linux kernel, the following vulnerability has been resolved:
tipc: fix a possible memleak in tipc_buf_append
__skb_linearize() doesn't free the skb when it fails, so move 'buf = NULL' after __skb_linearize(), so that the skb can be freed on the err path.
Other sources
The Linux kernel CVE team has assigned CVE-2024-36954 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024053040-CVE-2024-36954-b1b8@gregkh/T
— Red Hat
Frequently Asked Questions
What is the severity of CVE-2024-36954?
CVE-2024-36954 is classified as a potential memory leak vulnerability in the Linux kernel.
How do I fix CVE-2024-36954?
To mitigate CVE-2024-36954, upgrade to a kernel version that contains the fix, such as 4.19.314, 5.4.276, 5.10.217, 5.15.159, 6.1.91, 6.6.31, and 6.8.10, as recommended for Red Hat and Debian systems.
Which versions of the Linux kernel are affected by CVE-2024-36954?
CVE-2024-36954 affects Linux kernel versions prior to 4.19.314, 5.4.276, 5.10.217, 5.15.159, 6.1.91, and 6.6.31.
Is CVE-2024-36954 specific to any Linux distributions?
CVE-2024-36954 impacts multiple Linux distributions such as Red Hat and Debian, as it is a Linux kernel vulnerability.
What triggers the vulnerability CVE-2024-36954?
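CVE-2024-36954 is triggered when __skb_linearize() fails inside tipc_buf_append. __skb_linearize() does not free the skb on failure, and because the buffer pointer had already been set to NULL before the call, the error path could not free the skb either, so it leaked.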
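The ownership mistake described above, modelled in userspace C as an added example. This is not the kernel's code: `struct buf`, `linearize`, `append_leaky`, `append_fixed` and `leaked_after` are hypothetical stand-ins, and a single static slot replaces the allocator.

```c
#include <stdio.h>

/* Userspace model of the ownership pattern (hypothetical names, not kernel
 * code); one static slot stands in for the allocator so a leak is observable. */
struct buf { int in_use, has_frag_list; };
static struct buf slot;

static struct buf *buf_alloc(int fl) { slot = (struct buf){ 1, fl }; return &slot; }
static void buf_free(struct buf *b) { if (b) b->in_use = 0; }
/* Stand-in for __skb_linearize(): on failure it does NOT free b. */
static int linearize(struct buf *b, int fail) { (void)b; return fail ? -1 : 0; }

/* Before the fix: *pbuf is cleared before the fallible call. */
static int append_leaky(struct buf **pbuf, int fail) {
    struct buf *frag = *pbuf;
    *pbuf = NULL;
    if (frag->has_frag_list && linearize(frag, fail))
        goto err;
    buf_free(frag);              /* success path: buffer consumed */
    return 1;
err:
    buf_free(*pbuf);             /* *pbuf is already NULL, frag is lost */
    return 0;
}

/* After the fix: *pbuf is cleared only once linearize() has succeeded. */
static int append_fixed(struct buf **pbuf, int fail) {
    struct buf *frag = *pbuf;
    if (frag->has_frag_list && linearize(frag, fail))
        goto err;
    *pbuf = NULL;
    buf_free(frag);
    return 1;
err:
    buf_free(*pbuf);             /* still points at frag, so it is freed */
    *pbuf = NULL;
    return 0;
}

/* Run one append; return 1 if the buffer is still allocated afterwards. */
static int leaked_after(int (*append)(struct buf **, int), int fail) {
    struct buf *b = buf_alloc(1);
    append(&b, fail);
    return slot.in_use;
}

int main(void) {
    printf("leaky=%d fixed=%d\n", leaked_after(append_leaky, 1), leaked_after(append_fixed, 1));
    return 0;
}
```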