AZL-56225

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-56225.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-56225

Upstream

CVE-2024-36903

Published

2024-05-30T16:15:13Z

Modified

2026-04-01T05:18:50.083788Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-36903 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

ipv6: Fix potential uninit-value access in __ip6makeskb()

As it was done in commit fc1092f51567 ("ipv4: Fix uninit-value access in __ipmakeskb()") for IPv4, check FLOWIFLAGKNOWNNH on fl6->flowi6flags instead of testing HDRINCL on the socket to avoid a race condition which causes uninit-value access.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-36903

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-56225.json"