Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

Vulnerability IntelligenceCVE-2024-36954

CVE-2024-36954

MEDIUM5.5

tipc: fix a possible memleak in tipc_buf_append

Published May 30, 2024

Modified 10 months ago

Details

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix a possible memleak in tipc_buf_append

__skb_linearize() doesn't free the skb when it fails, so move '*buf = NULL' after __skb_linearize(), so that the skb can be freed on the err path.

References

WEB

https://git.kernel.org/stable/c/01cd1b7b685751ee422d00d050292a3d277652d6

WEB

https://git.kernel.org/stable/c/2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae

WEB

https://git.kernel.org/stable/c/3210d34fda4caff212cb53729e6bd46de604d565

WEB

https://git.kernel.org/stable/c/42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c

WEB

https://git.kernel.org/stable/c/614c5a5ae45a921595952117b2e2bd4d4bf9b574

WEB

https://git.kernel.org/stable/c/97bf6f81b29a8efaf5d0983251a7450e5794370d

WEB

https://git.kernel.org/stable/c/adbce6d20da6254c86425a8d4359b221b5ccbccd

WEB

https://git.kernel.org/stable/c/d03a82f4f8144befdc10518e732e2a60b34c870e

WEB

https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html

WEB

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2024-36954

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedMay 30, 2024

ModifiedMay 4, 2025

CVE-2024-36954 | Mondoo Vulnerability Intelligence