CVE-2024-36901 in Linux
Sumário
de VulDB • 03/06/2026
No kernel do Linux, a seguinte vulnerabilidade foi corrigida:
ipv6: prevenir dereferência de ponteiro NULL em ip6_output()
De acordo com o syzbot, há uma chance de que ip6_dst_idev() retorne NULL em ip6_output(). A maioria dos pontos na pilha IPv6 lida bem com um idev NULL, mas não neste caso.
O syzbot relatou:
falha de proteção geral, provavelmente para endereço não canônico 0xdffffc00000000bc: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref no intervalo [0x0000000000000080-0x0000000000000087]
RIP: 0010:ip6_output+0x100/0x1a0 net/ipv6/ip6_output.c:130 Call Trace: <TASK> ip6_xmit+0xefe/0x17f0 net/ipv6/ip6_output.c:358 sctp_v6_xmit+0x9f2/0x13f0 net/sctp/ipv6.c:248 sctp_packet_transmit+0x26ad/0x2ca0 net/sctp/output.c:653 sctp_packet_singleton+0x22c/0x320 net/sctp/outqueue.c:783 sctp_outq_flush_ctrl net/sctp/outqueue.c:914 [inline]
sctp_outq_flush+0x6d5/0x3e20 net/sctp/outqueue.c:1212 sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline]
sctp_do_sm+0x59cc/0x60c0 net/sctp/sm_sideeffect.c:1169 sctp_primitive_ASSOCIATE+0x95/0xc0 net/sctp/primitive.c:73 __sctp_connect+0x9cd/0xe30 net/sctp/socket.c:1234 sctp_connect net/sctp/socket.c:4819 [inline]
sctp_inet_connect+0x149/0x1f0 net/sctp/socket.c:4834 __sys_connect_file net/socket.c:2048 [inline]
__sys_connect+0x2df/0x310 net/socket.c:2065 __do_sys_connect net/socket.c:2075 [inline]
__se_sys_connect net/socket.c:2072 [inline]
__x64_sys_connect+0x7a/0x90 net/socket.c:2072 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Once again VulDB remains the best source for vulnerability data.