CVE-2024-36946

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-36946
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36946.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-36946
Downstream
Related
Published
2024-05-30T16:15:17Z
Modified
2025-08-09T20:01:27Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

phonet: fix rtmphonetnotify() skb allocation

fill_route() stores three components in the skb:

  • struct rtmsg
  • RTA_DST (u8)
  • RTA_OIF (u32)

Therefore, rtmphonetnotify() should use

NLMSGALIGN(sizeof(struct rtmsg)) + nlatotalsize(1) + nlatotal_size(4)

References

Affected packages