{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36023", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.158Z", "datePublished": "2024-05-30T15:04:00.404Z", "dateUpdated": "2025-05-04T09:10:47.016Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:10:47.016Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nJulia Lawall reported this null pointer dereference, this should fix it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/orangefs/super.c"], "versions": [{"version": "f7ab093f74bf638ed98fd1115f3efa17e308bb7f", "lessThan": "2e2177f94c0e0bc41323d7b6975a5f4820ed347e", "status": "affected", "versionType": "git"}, {"version": "f7ab093f74bf638ed98fd1115f3efa17e308bb7f", "lessThan": "214a6c4a28c11d67044e6cf3a0ab415050d9f03a", "status": "affected", "versionType": "git"}, {"version": "f7ab093f74bf638ed98fd1115f3efa17e308bb7f", "lessThan": "b972e8ac3f44f693127a2806031962d100dfc4d1", "status": "affected", "versionType": "git"}, {"version": "f7ab093f74bf638ed98fd1115f3efa17e308bb7f", "lessThan": "9bf93dcfc453fae192fe5d7874b89699e8f800ac", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/orangefs/super.c"], "versions": [{"version": "4.6", "status": "affected"}, {"version": "0", "lessThan": "4.6", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.86", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.27", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.6", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "6.1.86"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "6.6.27"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "6.8.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "6.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/2e2177f94c0e0bc41323d7b6975a5f4820ed347e"}, {"url": "https://git.kernel.org/stable/c/214a6c4a28c11d67044e6cf3a0ab415050d9f03a"}, {"url": "https://git.kernel.org/stable/c/b972e8ac3f44f693127a2806031962d100dfc4d1"}, {"url": "https://git.kernel.org/stable/c/9bf93dcfc453fae192fe5d7874b89699e8f800ac"}], "title": "Julia Lawall reported this null pointer dereference, this should fix it.", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-13T20:24:38.395989Z", "id": "CVE-2024-36023", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-13T20:24:47.410Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:12.320Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2e2177f94c0e0bc41323d7b6975a5f4820ed347e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/214a6c4a28c11d67044e6cf3a0ab415050d9f03a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b972e8ac3f44f693127a2806031962d100dfc4d1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9bf93dcfc453fae192fe5d7874b89699e8f800ac", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2e2177f94c0e0bc41323d7b6975a5f4820ed347e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/214a6c4a28c11d67044e6cf3a0ab415050d9f03a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b972e8ac3f44f693127a2806031962d100dfc4d1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9bf93dcfc453fae192fe5d7874b89699e8f800ac", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:12.320Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36023", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-13T20:24:38.395989Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-13T20:24:43.941Z"}}], "cna": {"title": "Julia Lawall reported this null pointer dereference, this should fix it.", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "f7ab093f74bf638ed98fd1115f3efa17e308bb7f", "lessThan": "2e2177f94c0e0bc41323d7b6975a5f4820ed347e", "versionType": "git"}, {"status": "affected", "version": "f7ab093f74bf638ed98fd1115f3efa17e308bb7f", "lessThan": "214a6c4a28c11d67044e6cf3a0ab415050d9f03a", "versionType": "git"}, {"status": "affected", "version": "f7ab093f74bf638ed98fd1115f3efa17e308bb7f", "lessThan": "b972e8ac3f44f693127a2806031962d100dfc4d1", "versionType": "git"}, {"status": "affected", "version": "f7ab093f74bf638ed98fd1115f3efa17e308bb7f", "lessThan": "9bf93dcfc453fae192fe5d7874b89699e8f800ac", "versionType": "git"}], "programFiles": ["fs/orangefs/super.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.6"}, {"status": "unaffected", "version": "0", "lessThan": "4.6", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.86", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.27", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.6", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/orangefs/super.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/2e2177f94c0e0bc41323d7b6975a5f4820ed347e"}, {"url": "https://git.kernel.org/stable/c/214a6c4a28c11d67044e6cf3a0ab415050d9f03a"}, {"url": "https://git.kernel.org/stable/c/b972e8ac3f44f693127a2806031962d100dfc4d1"}, {"url": "https://git.kernel.org/stable/c/9bf93dcfc453fae192fe5d7874b89699e8f800ac"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nJulia Lawall reported this null pointer dereference, this should fix it."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.86", "versionStartIncluding": "4.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.27", "versionStartIncluding": "4.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8.6", "versionStartIncluding": "4.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9", "versionStartIncluding": "4.6"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:10:47.016Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36023", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:10:47.016Z", "dateReserved": "2024-05-17T13:50:33.158Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-30T15:04:00.404Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE734CE8-823E-4412-B78D-CBCE2100A702", "versionEndExcluding": "6.1.86", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "41504EFE-0C3F-4B7C-B855-EFE4FA9ACB84", "versionEndExcluding": "6.6.27", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A6B920C-8D8F-4130-86B4-AD334F4CF2E3", "versionEndExcluding": "6.8.10", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nJulia Lawall reported this null pointer dereference, this should fix it."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Julia Lawall inform\u00f3 esta desreferencia de puntero nulo, esto deber\u00eda solucionarlo."}], "id": "CVE-2024-36023", "lastModified": "2024-11-21T09:21:27.523", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-30T15:15:49.347", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/214a6c4a28c11d67044e6cf3a0ab415050d9f03a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2e2177f94c0e0bc41323d7b6975a5f4820ed347e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9bf93dcfc453fae192fe5d7874b89699e8f800ac"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b972e8ac3f44f693127a2806031962d100dfc4d1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/214a6c4a28c11d67044e6cf3a0ab415050d9f03a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2e2177f94c0e0bc41323d7b6975a5f4820ed347e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9bf93dcfc453fae192fe5d7874b89699e8f800ac"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b972e8ac3f44f693127a2806031962d100dfc4d1"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: Julia Lawall reported this null pointer dereference, this should fix it.", "id": "2284425", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284425"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nJulia Lawall reported this null pointer dereference, this should fix it.", "A NULL pointer dereference vulnerability was found in the Linux kernel. This issue could lead to unexpected behavior or crashes within the kernel, potentially impacting system stability and security."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-36023", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-36023\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-36023\nhttps://lore.kernel.org/linux-cve-announce/2024053013-CVE-2024-36023-0202@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}

{}