CVE & CISA-KEV Catalog

CVE-2024-36008

MEDIUM
5.5
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint() syzbot was able to trigger a NULL deref in fib_validate_source() in an old tree [1]. It appears the bug exists in latest trees. All calls to __in_dev_get_rcu() must be checked for a NULL result. [1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 2 PID: 3257 Comm: syz-executor.3 Not tainted 5.10.0-syzkaller #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:fib_validate_source+0xbf/0x15a0 net/ipv4/fib_frontend.c:425 Code: 18 f2 f2 f2 f2 42 c7 44 20 23 f3 f3 f3 f3 48 89 44 24 78 42 c6 44 20 27 f3 e8 5d 88 48 fc 4c 89 e8 48 c1 e8 03 48 89 44 24 18 <42> 80 3c 20 00 74 08 4c 89 ef e8 d2 15 98 fc 48 89 5c 24 10 41 bf RSP: 0018:ffffc900015fee40 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88800f7a4000 RCX: ffff88800f4f90c0 RDX: 0000000000000000 RSI: 0000000004001eac RDI: ffff8880160c64c0 RBP: ffffc900015ff060 R08: 0000000000000000 R09: ffff88800f7a4000 R10: 0000000000000002 R11: ffff88800f4f90c0 R12: dffffc0000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88800f7a4000 FS: 00007f938acfe6c0(0000) GS:ffff888058c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f938acddd58 CR3: 000000001248e000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ip_route_use_hint+0x410/0x9b0 net/ipv4/route.c:2231 ip_rcv_finish_core+0x2c4/0x1a30 net/ipv4/ip_input.c:327 ip_list_rcv_finish net/ipv4/ip_input.c:612 [inline] ip_sublist_rcv+0x3ed/0xe50 net/ipv4/ip_input.c:638 ip_list_rcv+0x422/0x470 net/ipv4/ip_input.c:673 __netif_receive_skb_list_ptype net/core/dev.c:5572 [inline] __netif_receive_skb_list_core+0x6b1/0x890 net/core/dev.c:5620 __netif_receive_skb_list net/core/dev.c:5672 [inline] netif_receive_skb_list_internal+0x9f9/0xdc0 net/core/dev.c:5764 netif_receive_skb_list+0x55/0x3e0 net/core/dev.c:5816 xdp_recv_frames net/bpf/test_run.c:257 [inline] xdp_test_run_batch net/bpf/test_run.c:335 [inline] bpf_test_run_xdp_live+0x1818/0x1d00 net/bpf/test_run.c:363 bpf_prog_test_run_xdp+0x81f/0x1170 net/bpf/test_run.c:1376 bpf_prog_test_run+0x349/0x3c0 kernel/bpf/syscall.c:3736 __sys_bpf+0x45c/0x710 kernel/bpf/syscall.c:5115 __do_sys_bpf kernel/bpf/syscall.c:5201 [inline] __se_sys_bpf kernel/bpf/syscall.c:5199 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5199

How to fix

Remediation Available
linuxDebian
Fixed in:5.10.216-1CVE-2024-36008
Fixed in:6.1.90-1CVE-2024-36008
Fixed in:6.8.9-1CVE-2024-36008
Fixed in:6.8.9-1CVE-2024-36008
linuxUbuntu
Fixed in:5.15.0-116.126USN-6898-1
Fixed in:6.8.0-39.39USN-6921-1
linux-awsUbuntu
Fixed in:5.15.0-1065.71USN-6898-3
Fixed in:6.8.0-1012.13USN-6921-1
linux-aws-5.15Ubuntu
Fixed in:5.15.0-1065.71~20.04.1USN-6898-4
linux-azureUbuntu
Fixed in:5.15.0-1068.77USN-6917-1
linux-azure-5.15Ubuntu
Fixed in:5.15.0-1068.77~20.04.1USN-6917-1
linux-azure-fdeUbuntu
Fixed in:5.15.0-1068.77.1USN-6917-1
linux-azure-fde-5.15Ubuntu
Fixed in:5.15.0-1068.77~20.04.1.1USN-6917-1
linux-gcpUbuntu
Fixed in:5.15.0-1064.72USN-6898-1
Fixed in:6.8.0-1011.12USN-6921-1
linux-gcp-5.15Ubuntu
Fixed in:5.15.0-1065.73~20.04.1USN-6927-1
linux-gkeUbuntu
Fixed in:5.15.0-1062.68USN-6898-1
Fixed in:6.8.0-1007.10USN-6921-1
linux-gkeopUbuntu
Fixed in:5.15.0-1048.55USN-6898-1
linux-gkeop-5.15Ubuntu
Fixed in:5.15.0-1048.55~20.04.1USN-6898-1
linux-hwe-5.15Ubuntu
Fixed in:5.15.0-116.126~20.04.1USN-6898-3
linux-ibmUbuntu
Fixed in:5.15.0-1058.61USN-6898-1
Fixed in:6.8.0-1009.9USN-6921-1
linux-ibm-5.15Ubuntu
Fixed in:5.15.0-1058.61~20.04.1USN-6898-2
linux-image-5.15.0-1035-xilinx-zynqmpUbuntu
Fixed in:5.15.0-1035.39USN-7019-1
linux-image-5.15.0-1048-gkeopUbuntu
Fixed in:5.15.0-1048.55~20.04.1USN-6898-1
Fixed in:5.15.0-1048.55USN-6898-1
linux-image-5.15.0-1058-ibmUbuntu
Fixed in:5.15.0-1058.61~20.04.1USN-6898-2
Fixed in:5.15.0-1058.61USN-6898-1
linux-image-5.15.0-1058-raspiUbuntu
Fixed in:5.15.0-1058.61USN-6919-1
linux-image-5.15.0-1060-intel-iotgUbuntu
Fixed in:5.15.0-1060.66~20.04.1USN-6898-1
Fixed in:5.15.0-1060.66USN-6898-1
linux-image-5.15.0-1060-nvidiaUbuntu
Fixed in:5.15.0-1060.61USN-6898-1
linux-image-5.15.0-1060-nvidia-lowlatencyUbuntu
Fixed in:5.15.0-1060.61USN-6898-1
linux-image-5.15.0-1062-gkeUbuntu
Fixed in:5.15.0-1062.68USN-6898-1
linux-image-5.15.0-1062-kvmUbuntu
Fixed in:5.15.0-1062.67USN-6898-1
linux-image-5.15.0-1063-oracleUbuntu
Fixed in:5.15.0-1063.69~20.04.1USN-6898-2
Fixed in:5.15.0-1063.69USN-6898-1
linux-image-5.15.0-1064-gcpUbuntu
Fixed in:5.15.0-1064.72USN-6898-1
linux-image-5.15.0-1065-awsUbuntu
Fixed in:5.15.0-1065.71~20.04.1USN-6898-4
Fixed in:5.15.0-1065.71USN-6898-3
linux-image-5.15.0-1065-gcpUbuntu
Fixed in:5.15.0-1065.73~20.04.1USN-6927-1
linux-image-5.15.0-1068-azureUbuntu
Fixed in:5.15.0-1068.77~20.04.1USN-6917-1
Fixed in:5.15.0-1068.77USN-6917-1
linux-image-5.15.0-1068-azure-fdeUbuntu
Fixed in:5.15.0-1068.77~20.04.1.1USN-6917-1
Fixed in:5.15.0-1068.77.1USN-6917-1
linux-image-5.15.0-116-genericUbuntu
Fixed in:5.15.0-116.126~20.04.1USN-6898-3
Fixed in:5.15.0-116.126USN-6898-1
linux-image-5.15.0-116-generic-64kUbuntu
Fixed in:5.15.0-116.126~20.04.1USN-6898-3
Fixed in:5.15.0-116.126USN-6898-1
linux-image-5.15.0-116-generic-lpaeUbuntu
Fixed in:5.15.0-116.126~20.04.1USN-6898-3
Fixed in:5.15.0-116.126USN-6898-1
linux-image-5.15.0-116-lowlatencyUbuntu
Fixed in:5.15.0-116.126~20.04.1USN-6898-2
Fixed in:5.15.0-116.126USN-6898-2
linux-image-5.15.0-116-lowlatency-64kUbuntu
Fixed in:5.15.0-116.126~20.04.1USN-6898-2
Fixed in:5.15.0-116.126USN-6898-2
linux-image-6.8.0-1007-gkeUbuntu
Fixed in:6.8.0-1007.10USN-6921-1
linux-image-6.8.0-1008-raspiUbuntu
Fixed in:6.8.0-1008.8USN-6921-1
linux-image-6.8.0-1009-ibmUbuntu
Fixed in:6.8.0-1009.9USN-6921-1
linux-image-6.8.0-1009-oemUbuntu
Fixed in:6.8.0-1009.9USN-6921-1
linux-image-6.8.0-1010-nvidiaUbuntu
Fixed in:6.8.0-1010.10USN-6921-1
linux-image-6.8.0-1010-nvidia-64kUbuntu
Fixed in:6.8.0-1010.10USN-6921-1
linux-image-6.8.0-1010-oracleUbuntu
Fixed in:6.8.0-1010.10USN-6952-1
linux-image-6.8.0-1010-oracle-64kUbuntu
Fixed in:6.8.0-1010.10USN-6952-1
linux-image-6.8.0-1011-gcpUbuntu
Fixed in:6.8.0-1011.12USN-6921-1
linux-image-6.8.0-1011-nvidia-lowlatencyUbuntu
Fixed in:6.8.0-1011.11.1USN-6952-1
linux-image-6.8.0-1011-nvidia-lowlatency-64kUbuntu
Fixed in:6.8.0-1011.11.1USN-6952-1
linux-image-6.8.0-1012-awsUbuntu
Fixed in:6.8.0-1012.13USN-6921-1
linux-image-6.8.0-39-genericUbuntu
Fixed in:6.8.0-39.39USN-6921-1
linux-image-6.8.0-39-generic-64kUbuntu
Fixed in:6.8.0-39.39USN-6921-1
linux-image-6.8.0-39-lowlatencyUbuntu
Fixed in:6.8.0-39.39.1USN-6921-2
linux-image-6.8.0-39-lowlatency-64kUbuntu
Fixed in:6.8.0-39.39.1USN-6921-2
linux-image-awsUbuntu
Fixed in:5.15.0.1065.71~20.04.1USN-6898-4
Fixed in:6.8.0-1012.13USN-6921-1
linux-image-aws-lts-22.04Ubuntu
Fixed in:5.15.0.1065.65USN-6898-3
linux-image-azureUbuntu
Fixed in:5.15.0.1068.77~20.04.1USN-6917-1
linux-image-azure-cvmUbuntu
Fixed in:5.15.0.1068.77~20.04.1USN-6917-1
linux-image-azure-fdeUbuntu
Fixed in:5.15.0.1068.77~20.04.1.45USN-6917-1
linux-image-azure-fde-lts-22.04Ubuntu
Fixed in:5.15.0.1068.77.45USN-6917-1
linux-image-azure-lts-22.04Ubuntu
Fixed in:5.15.0.1068.66USN-6917-1
linux-image-gcpUbuntu
Fixed in:5.15.0.1065.73~20.04.1USN-6927-1
Fixed in:6.8.0-1011.12USN-6921-1
linux-image-gcp-lts-22.04Ubuntu
Fixed in:5.15.0.1064.60USN-6898-1
linux-image-genericUbuntu
Fixed in:5.15.0.116.116USN-6898-1
Fixed in:6.8.0-39.39USN-6921-1
linux-image-generic-64kUbuntu
Fixed in:5.15.0.116.116USN-6898-1
Fixed in:6.8.0-39.39USN-6921-1
linux-image-generic-64k-hwe-20.04Ubuntu
Fixed in:5.15.0.116.126~20.04.1USN-6898-3
linux-image-generic-64k-hwe-24.04Ubuntu
Fixed in:6.8.0-39.39USN-6921-1
linux-image-generic-hwe-20.04Ubuntu
Fixed in:5.15.0.116.126~20.04.1USN-6898-3
linux-image-generic-hwe-24.04Ubuntu
Fixed in:6.8.0-39.39USN-6921-1
linux-image-generic-lpaeUbuntu
Fixed in:5.15.0.116.116USN-6898-1
Fixed in:6.8.0-39.39USN-6921-1
linux-image-generic-lpae-hwe-20.04Ubuntu
Fixed in:5.15.0.116.126~20.04.1USN-6898-3
linux-image-gkeUbuntu
Fixed in:5.15.0.1062.61USN-6898-1
Fixed in:6.8.0-1007.10USN-6921-1
linux-image-gke-5.15Ubuntu
Fixed in:5.15.0.1062.61USN-6898-1
linux-image-gkeopUbuntu
Fixed in:5.15.0.1048.47USN-6898-1
linux-image-gkeop-5.15Ubuntu
Fixed in:5.15.0.1048.55~20.04.1USN-6898-1
Fixed in:5.15.0.1048.47USN-6898-1
linux-image-ibmUbuntu
Fixed in:5.15.0.1058.61~20.04.1USN-6898-2
Fixed in:5.15.0.1058.54USN-6898-1
Fixed in:6.8.0-1009.9USN-6921-1
linux-image-ibm-classicUbuntu
Fixed in:6.8.0-1009.9USN-6921-1
linux-image-ibm-lts-24.04Ubuntu
Fixed in:6.8.0-1009.9USN-6921-1
linux-image-intelUbuntu
Fixed in:5.15.0.1060.66~20.04.1USN-6898-1
linux-image-intel-iotgUbuntu
Fixed in:5.15.0.1060.66~20.04.1USN-6898-1
Fixed in:5.15.0.1060.60USN-6898-1
linux-image-kvmUbuntu
Fixed in:5.15.0.1062.58USN-6898-1
Fixed in:6.8.0-39.39USN-6921-1
linux-image-lowlatencyUbuntu
Fixed in:5.15.0.116.106USN-6898-2
Fixed in:6.8.0-39.39.1USN-6921-2
linux-image-lowlatency-64kUbuntu
Fixed in:5.15.0.116.106USN-6898-2
Fixed in:6.8.0-39.39.1USN-6921-2
linux-image-lowlatency-64k-hwe-20.04Ubuntu
Fixed in:5.15.0.116.126~20.04.1USN-6898-2
linux-image-lowlatency-hwe-20.04Ubuntu
Fixed in:5.15.0.116.126~20.04.1USN-6898-2
linux-image-nvidiaUbuntu
Fixed in:5.15.0.1060.60USN-6898-1
Fixed in:6.8.0-1010.10USN-6921-1
linux-image-nvidia-64kUbuntu
Fixed in:6.8.0-1010.10USN-6921-1
linux-image-nvidia-lowlatencyUbuntu
Fixed in:5.15.0.1060.60USN-6898-1
Fixed in:6.8.0-1011.11.1USN-6952-1
linux-image-nvidia-lowlatency-64kUbuntu
Fixed in:6.8.0-1011.11.1USN-6952-1
linux-image-oem-20.04Ubuntu
Fixed in:5.15.0.116.126~20.04.1USN-6898-3
linux-image-oem-20.04bUbuntu
Fixed in:5.15.0.116.126~20.04.1USN-6898-3
linux-image-oem-20.04cUbuntu
Fixed in:5.15.0.116.126~20.04.1USN-6898-3
linux-image-oem-20.04dUbuntu
Fixed in:5.15.0.116.126~20.04.1USN-6898-3
linux-image-oem-24.04Ubuntu
Fixed in:6.8.0-1009.9USN-6921-1
linux-image-oem-24.04aUbuntu
Fixed in:6.8.0-1009.9USN-6921-1
linux-image-oracleUbuntu
Fixed in:5.15.0.1063.69~20.04.1USN-6898-2
Fixed in:6.8.0-1010.10USN-6952-1
linux-image-oracle-64kUbuntu
Fixed in:6.8.0-1010.10USN-6952-1
linux-image-oracle-lts-22.04Ubuntu
Fixed in:5.15.0.1063.59USN-6898-1
linux-image-raspiUbuntu
Fixed in:5.15.0.1058.56USN-6919-1
Fixed in:6.8.0-1008.8USN-6921-1
linux-image-raspi-nolpaeUbuntu
Fixed in:5.15.0.1058.56USN-6919-1
linux-image-virtualUbuntu
Fixed in:5.15.0.116.116USN-6898-1
Fixed in:6.8.0-39.39USN-6921-1
linux-image-virtual-hwe-20.04Ubuntu
Fixed in:5.15.0.116.126~20.04.1USN-6898-3
linux-image-virtual-hwe-24.04Ubuntu
Fixed in:6.8.0-39.39USN-6921-1
linux-image-xilinx-zynqmpUbuntu
Fixed in:5.15.0.1035.39USN-7019-1
linux-intel-iotgUbuntu
Fixed in:5.15.0-1060.66USN-6898-1
linux-intel-iotg-5.15Ubuntu
Fixed in:5.15.0-1060.66~20.04.1USN-6898-1
linux-kvmUbuntu
Fixed in:5.15.0-1062.67USN-6898-1
linux-lowlatencyUbuntu
Fixed in:5.15.0-116.126USN-6898-2
Fixed in:6.8.0-39.39.1USN-6921-2
linux-lowlatency-hwe-5.15Ubuntu
Fixed in:5.15.0-116.126~20.04.1USN-6898-2
linux-nvidiaUbuntu
Fixed in:5.15.0-1060.61USN-6898-1
Fixed in:6.8.0-1010.10USN-6921-1
linux-nvidia-lowlatencyUbuntu
Fixed in:6.8.0-1011.11.1USN-6952-1
linux-oem-6.8Ubuntu
Fixed in:6.8.0-1009.9USN-6921-1
linux-oracleUbuntu
Fixed in:5.15.0-1063.69USN-6898-1
Fixed in:6.8.0-1010.10USN-6952-1
linux-oracle-5.15Ubuntu
Fixed in:5.15.0-1063.69~20.04.1USN-6898-2
linux-raspiUbuntu
Fixed in:5.15.0-1058.61USN-6919-1
Fixed in:6.8.0-1008.8USN-6921-1
linux-xilinx-zynqmpUbuntu
Fixed in:5.15.0-1035.39USN-7019-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.21%probability of exploitation in 30 days
12thpercentile

Low risk: more likely to be exploited than 12% of all known CVEs.

References

Related Vulnerabilities

Other CWE-476 (NULL Pointer Dereference) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-21758High7.592%-Fix
CVE-2023-21547High7.588%-Fix
CVE-2014-3470Medium4.386%-Fix
CVE-2021-44224High8.282%-Fix
CVE-2016-0742High7.582%-Fix
CVE-2009-1386Medium5.080%-Fix
Embed a live status badge for CVE-2024-36008
CVE-2024-36008 severity badge

Markdown

[![CVE-2024-36008](https://tridentstack.com/cve/badge/CVE-2024-36008.svg)](https://tridentstack.com/cve/CVE-2024-36008)

HTML

<a href="https://tridentstack.com/cve/CVE-2024-36008"><img src="https://tridentstack.com/cve/badge/CVE-2024-36008.svg" alt="CVE-2024-36008"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-05-12.