CVE-2024-38612

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-38612

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38612.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-38612

Downstream

BELL-CVE-2024-38612

DEBIAN-CVE-2024-38612

DLA-3840-1

DSA-5730-1

OESA-2024-2292

OESA-2024-2293

OESA-2024-2294

OESA-2024-2295

OESA-2024-2296

RHSA-2024:9315

UBUNTU-CVE-2024-38612

USN-6949-1

USN-6949-2

USN-6951-1

USN-6951-2

USN-6951-3

USN-6951-4

USN-6952-1

USN-6952-2

USN-6953-1

USN-6955-1

USN-6979-1

USN-7007-1

USN-7007-2

USN-7007-3

USN-7009-1

USN-7009-2

USN-7019-1

Related

Published

2024-06-19T14:15:21Z

Modified

2025-08-09T20:01:28Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

ipv6: sr: fix invalid unregister error path

The error path of seg6init() is wrong in case CONFIGIPV6SEG6LWTUNNEL is not defined. In that case if seg6hmacinit() fails, the genlunregisterfamily() isn't called.

This issue exist since commit 46738b1317e1 ("ipv6: sr: add option to control lwtunnel support"), and commit 5559cea2d5aa ("ipv6: sr: fix possible use-after-free and null-ptr-deref") replaced unregisterpernetsubsys() with genlunregisterfamily() in this error path.

References

Affected packages