CVE-2024-36883

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-36883

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36883.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-36883

Downstream

BELL-CVE-2024-36883

DEBIAN-CVE-2024-36883

DLA-3840-1

DLA-3843-1

DSA-5703-1

OESA-2024-1705

OESA-2024-1706

OESA-2024-1707

OESA-2024-1766

RHSA-2024:5672

RHSA-2024:5673

RHSA-2024:6206

RHSA-2024:6567

RHSA-2024:7000

RHSA-2024:7001

RLSA-2024:7000

SUSE-SU-2024:4314-1

SUSE-SU-2024:4315-1

SUSE-SU-2024:4316-1

SUSE-SU-2024:4318-1

SUSE-SU-2024:4364-1

SUSE-SU-2024:4376-1

SUSE-SU-2024:4387-1

SUSE-SU-2025:0236-1

UBUNTU-CVE-2024-36883

USN-6949-1

USN-6949-2

USN-6950-1

USN-6950-2

USN-6950-3

USN-6950-4

USN-6951-1

USN-6951-2

USN-6951-3

USN-6951-4

USN-6952-1

USN-6952-2

USN-6953-1

USN-6955-1

USN-6956-1

USN-6957-1

USN-6979-1

USN-7019-1

Related

Published

2024-05-30T16:15:11Z

Modified

2025-08-09T20:01:27Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

net: fix out-of-bounds access in ops_init

netallocgeneric is called by netalloc, which is called without any locking. It reads maxgenptrs, which is changed under pernetops_rwsem. It is read twice, first to allocate an array, then to set s.len, which is later used to limit the bounds of the array access.

It is possible that the array is allocated and another thread is registering a new pernet ops, increments maxgenptrs, which is then used to set s.len with a larger than allocated length for the variable array.

Fix it by reading maxgenptrs only once in netallocgeneric. If maxgenptrs is later incremented, it will be caught in netassigngeneric.

References

Affected packages