CVE-2024-36946

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-36946

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36946.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-36946

Downstream

BELL-CVE-2024-36946

DEBIAN-CVE-2024-36946

DLA-3840-1

DLA-3843-1

DSA-5703-1

MGASA-2024-0263

MGASA-2024-0266

OESA-2024-1793

OESA-2024-2078

OESA-2024-2080

OESA-2024-2258

OESA-2024-2296

SUSE-SU-2024:2802-1

SUSE-SU-2024:2894-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2947-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

Related

Published

2024-05-30T15:35:43.884Z

Modified

2026-05-15T11:54:34.721823753Z

Summary

phonet: fix rtm_phonet_notify() skb allocation

Details

In the Linux kernel, the following vulnerability has been resolved:

phonet: fix rtmphonetnotify() skb allocation

fill_route() stores three components in the skb:

struct rtmsg
RTA_DST (u8)
RTA_OIF (u32)

Therefore, rtmphonetnotify() should use

NLMSGALIGN(sizeof(struct rtmsg)) + nlatotalsize(1) + nlatotal_size(4)

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36946.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.6.33

Fixed

4.19.314

Type: ECOSYSTEM
Events: Introduced

4.20.0

Fixed

5.4.276

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.217

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.159

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.91

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.31

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.8.10

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36946.json"