CVE-2024-44986

Source
https://cve.org/CVERecord?id=CVE-2024-44986
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-44986.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-44986
Published
2024-09-04T19:54:34.852Z
Modified
2026-03-20T12:38:56.551474Z
Summary
ipv6: fix possible UAF in ip6_finish_output2()
Details

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix possible UAF in ip6_finish_output2()

If skb_expand_head() returns NULL, skb has been freed and associated dst/idev could also have been freed.

We need to hold rcu_read_lock() to make sure the dst and associated idev are alive.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/44xxx/CVE-2024-44986.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5796015fa968a3349027a27dcd04c71d95c53ba5
Fixed
e891b36de161fcd96f12ff83667473e5067b9037
Fixed
3574d28caf9a09756ae87ad1ea096c6f47b6101e
Fixed
6ab6bf731354a6fdbaa617d1ec194960db61cf3b
Fixed
56efc253196751ece1fc535a5b582be127b0578a
Fixed
da273b377ae0d9bd255281ed3c2adb228321687b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Last affected
ded37d03440d0ab346a8287cc2ba88b8dc90ceb0
Last affected
2323690eb05865a657709f4d28eb9538ea97bfc2
Last affected
b34c668a867ffdcf8bd8db4a36512572e82b4a15

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-44986.json"