CVE-2024-36023 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved:

Julia Lawall reported this null pointer dereference, this should fix it.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00033.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

No data.

Advisories

Source	ID	Title
Ubuntu USN	USN-6893-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6893-2	Linux kernel vulnerabilities
Ubuntu USN	USN-6893-3	Linux kernel vulnerabilities
Ubuntu USN	USN-6918-1	Linux kernel vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/214a6c4a28c11d67044e6cf3a0ab415050d9f03a
https://git.kernel.org/stable/c/2e2177f94c0e0bc41323d7b6975a5f4820ed347e
https://git.kernel.org/stable/c/9bf93dcfc453fae192fe5d7874b89699e8f800ac
https://git.kernel.org/stable/c/b972e8ac3f44f693127a2806031962d100dfc4d1
https://lore.kernel.org/linux-cve-announce/2024053013-CVE-2024-36023-0202@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-36023
https://www.cve.org/CVERecord?id=CVE-2024-36023

History

Fri, 20 Dec 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-30T15:04:00.404Z

Updated: 2025-05-04T09:10:47.016Z

Reserved: 2024-05-17T13:50:33.158Z

Link: CVE-2024-36023

Vulnrichment

Updated: 2024-08-02T03:30:12.320Z

NVD

Status : Modified

Published: 2024-05-30T15:15:49.347

Modified: 2024-11-21T09:21:27.523

Link: CVE-2024-36023

Redhat

Severity : Moderate

Publid Date: 2024-05-30T00:00:00Z

Links: CVE-2024-36023 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-476

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36023", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.158Z", "datePublished": "2024-05-30T15:04:00.404Z", "dateUpdated": "2025-05-04T09:10:47.016Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:10:47.016Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nJulia Lawall reported this null pointer dereference, this should fix it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/orangefs/super.c"], "versions": [{"version": "f7ab093f74bf638ed98fd1115f3efa17e308bb7f", "lessThan": "2e2177f94c0e0bc41323d7b6975a5f4820ed347e", "status": "affected", "versionType": "git"}, {"version": "f7ab093f74bf638ed98fd1115f3efa17e308bb7f", "lessThan": "214a6c4a28c11d67044e6cf3a0ab415050d9f03a", "status": "affected", "versionType": "git"}, {"version": "f7ab093f74bf638ed98fd1115f3efa17e308bb7f", "lessThan": "b972e8ac3f44f693127a2806031962d100dfc4d1", "status": "affected", "versionType": "git"}, {"version": "f7ab093f74bf638ed98fd1115f3efa17e308bb7f", "lessThan": "9bf93dcfc453fae192fe5d7874b89699e8f800ac", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/orangefs/super.c"], "versions": [{"version": "4.6", "status": "affected"}, {"version": "0", "lessThan": "4.6", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.86", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.27", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.6", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "6.1.86"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "6.6.27"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "6.8.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "6.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/2e2177f94c0e0bc41323d7b6975a5f4820ed347e"}, {"url": "https://git.kernel.org/stable/c/214a6c4a28c11d67044e6cf3a0ab415050d9f03a"}, {"url": "https://git.kernel.org/stable/c/b972e8ac3f44f693127a2806031962d100dfc4d1"}, {"url": "https://git.kernel.org/stable/c/9bf93dcfc453fae192fe5d7874b89699e8f800ac"}], "title": "Julia Lawall reported this null pointer dereference, this should fix it.", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-13T20:24:38.395989Z", "id": "CVE-2024-36023", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-13T20:24:47.410Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:12.320Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2e2177f94c0e0bc41323d7b6975a5f4820ed347e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/214a6c4a28c11d67044e6cf3a0ab415050d9f03a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b972e8ac3f44f693127a2806031962d100dfc4d1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9bf93dcfc453fae192fe5d7874b89699e8f800ac", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2e2177f94c0e0bc41323d7b6975a5f4820ed347e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/214a6c4a28c11d67044e6cf3a0ab415050d9f03a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b972e8ac3f44f693127a2806031962d100dfc4d1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9bf93dcfc453fae192fe5d7874b89699e8f800ac", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:12.320Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36023", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-13T20:24:38.395989Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-13T20:24:43.941Z"}}], "cna": {"title": "Julia Lawall reported this null pointer dereference, this should fix it.", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "f7ab093f74bf638ed98fd1115f3efa17e308bb7f", "lessThan": "2e2177f94c0e0bc41323d7b6975a5f4820ed347e", "versionType": "git"}, {"status": "affected", "version": "f7ab093f74bf638ed98fd1115f3efa17e308bb7f", "lessThan": "214a6c4a28c11d67044e6cf3a0ab415050d9f03a", "versionType": "git"}, {"status": "affected", "version": "f7ab093f74bf638ed98fd1115f3efa17e308bb7f", "lessThan": "b972e8ac3f44f693127a2806031962d100dfc4d1", "versionType": "git"}, {"status": "affected", "version": "f7ab093f74bf638ed98fd1115f3efa17e308bb7f", "lessThan": "9bf93dcfc453fae192fe5d7874b89699e8f800ac", "versionType": "git"}], "programFiles": ["fs/orangefs/super.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.6"}, {"status": "unaffected", "version": "0", "lessThan": "4.6", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.86", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.27", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.6", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/orangefs/super.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/2e2177f94c0e0bc41323d7b6975a5f4820ed347e"}, {"url": "https://git.kernel.org/stable/c/214a6c4a28c11d67044e6cf3a0ab415050d9f03a"}, {"url": "https://git.kernel.org/stable/c/b972e8ac3f44f693127a2806031962d100dfc4d1"}, {"url": "https://git.kernel.org/stable/c/9bf93dcfc453fae192fe5d7874b89699e8f800ac"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nJulia Lawall reported this null pointer dereference, this should fix it."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.86", "versionStartIncluding": "4.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.27", "versionStartIncluding": "4.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8.6", "versionStartIncluding": "4.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9", "versionStartIncluding": "4.6"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:10:47.016Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36023", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:10:47.016Z", "dateReserved": "2024-05-17T13:50:33.158Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-30T15:04:00.404Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE734CE8-823E-4412-B78D-CBCE2100A702", "versionEndExcluding": "6.1.86", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "41504EFE-0C3F-4B7C-B855-EFE4FA9ACB84", "versionEndExcluding": "6.6.27", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A6B920C-8D8F-4130-86B4-AD334F4CF2E3", "versionEndExcluding": "6.8.10", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nJulia Lawall reported this null pointer dereference, this should fix it."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Julia Lawall inform\u00f3 esta desreferencia de puntero nulo, esto deber\u00eda solucionarlo."}], "id": "CVE-2024-36023", "lastModified": "2024-11-21T09:21:27.523", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-30T15:15:49.347", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/214a6c4a28c11d67044e6cf3a0ab415050d9f03a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2e2177f94c0e0bc41323d7b6975a5f4820ed347e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9bf93dcfc453fae192fe5d7874b89699e8f800ac"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b972e8ac3f44f693127a2806031962d100dfc4d1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/214a6c4a28c11d67044e6cf3a0ab415050d9f03a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2e2177f94c0e0bc41323d7b6975a5f4820ed347e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9bf93dcfc453fae192fe5d7874b89699e8f800ac"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b972e8ac3f44f693127a2806031962d100dfc4d1"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: Julia Lawall reported this null pointer dereference, this should fix it.", "id": "2284425", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284425"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nJulia Lawall reported this null pointer dereference, this should fix it.", "A NULL pointer dereference vulnerability was found in the Linux kernel. This issue could lead to unexpected behavior or crashes within the kernel, potentially impacting system stability and security."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-36023", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-36023\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-36023\nhttps://lore.kernel.org/linux-cve-announce/2024053013-CVE-2024-36023-0202@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}