CVE-2024-36946

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-36946
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36946.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-36946
Downstream
Related
Published
2024-05-30T15:35:43.884Z
Modified
2025-11-28T02:35:05.443344Z
Summary
phonet: fix rtm_phonet_notify() skb allocation
Details

In the Linux kernel, the following vulnerability has been resolved:

phonet: fix rtmphonetnotify() skb allocation

fill_route() stores three components in the skb:

  • struct rtmsg
  • RTA_DST (u8)
  • RTA_OIF (u32)

Therefore, rtmphonetnotify() should use

NLMSGALIGN(sizeof(struct rtmsg)) + nlatotalsize(1) + nlatotal_size(4)

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36946.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f062f41d06575744b9eaf725eef8a5d3b5f5b7ca
Fixed
ec1f71c05caeba0f814df77e0f511d8b4618623a
Fixed
dc6beac059f0331de97155a89d84058d4a9e49c7
Fixed
f085e02f0a32f6dfcfabc6535c9c4a1707cef86b
Fixed
4ff334cade9dae50e4be387f71e94fae634aa9b4
Fixed
728a83160f98ee6b60df0d890141b9b7240182fe
Fixed
ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00
Fixed
9a77226440008cf04ba68faf641a2d50f4998137
Fixed
d8cac8568618dcb8a51af3db1103e8d4cc4aeea7

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.33
Fixed
4.19.314
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.276
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.217
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.159
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.91
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.31
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.8.10