cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-36971,https://securityvulnerability.io/vulnerability/CVE-2024-36971,Linux kernel: Fix for UAF vulnerability in __dst_negative_advice(),"A race condition vulnerability exists in the Linux kernel's handling of the socket's destination cache, specifically in the function __dst_negative_advice(). This flaw leads to a potential use-after-free (UAF) situation, as it does not adhere to the required Read-Copy-Update (RCU) protocol. The correct order of operations is vital: clearing the socket's destination cache (sk->sk_dst_cache) must occur before invoking dst_release on the old destination. While sk_dst_reset() implements this protocol correctly, the problematic function fails to do so. This oversight affects multiple methods related to negative advice, requiring them to perform sk_dst_reset() autonomously to ensure proper handling of the destination cache, especially in regard to the RTF_CACHE routing flag. The vulnerability was identified in the context of UDP sockets, which underscores its relevance in network communications.",Linux,Linux,7.8,HIGH,0.0010499999625608325,true,2024-08-07T00:00:00.000Z,true,false,true,2024-08-07T00:00:00.000Z,,true,false,,2024-06-10T09:03:23.878Z,3801