CVE-2024-36971

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jun 10, 2024
Updated: Jun 16, 2024
CWE ID 416

Summary

CVE-2024-36971 is a vulnerability in the Linux kernel that affects multiple products. The vulnerability, known as "net: fix __dst_negative_advice() race," can lead to a use-after-free (UAF) condition when certain RCU (Read-Copy Update) rules are not properly enforced. The affected products include various versions of Linux kernel, ohMfk series, pKnQKN, wEVWRD, and many others. The base severity of this vulnerability is rated as HIGH with a base score of 7.8 according to NIST's CVSS system. The potential danger it poses to organizations is significant, as it has a high impact on integrity and confidentiality. The exploitability score is 1.8 out of 10, indicating a relatively low level of complexity required for an attacker to exploit the vulnerability. It is classified as a local attack vector with low privileges required and no user interaction needed. Remediation steps are not provided in the given text. Note: This summary is based solely on the information provided and does not include any external sources or additional analysis beyond the given text.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-36971 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions