CVE-2024-36903

Опубликовано: 03 мар. 2026

Источник: msrc

CVSS3: 5.5

EPSS Низкий

Описание

ipv6: Fix potential uninit-value access in __ip6_make_skb()

FAQ

Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?

One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.

EPSS

Процентиль: 14%

0.0023

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2024-36903

CVSS3: 5.5

ubuntu

около 2 лет назад

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix potential uninit-value access in __ip6_make_skb() As it was done in commit fc1092f51567 ("ipv4: Fix uninit-value access in __ip_make_skb()") for IPv4, check FLOWI_FLAG_KNOWN_NH on fl6->flowi6_flags instead of testing HDRINCL on the socket to avoid a race condition which causes uninit-value access.

CVE-2024-36903

CVSS3: 5.5

redhat

около 2 лет назад

CVE-2024-36903

CVSS3: 5.5

nvd

около 2 лет назад

CVE-2024-36903

CVSS3: 5.5

debian

около 2 лет назад

In the Linux kernel, the following vulnerability has been resolved: i ...

BDU:2025-03058

CVSS3: 5.5

fstec

около 2 лет назад

Уязвимость функции __ip6_make_skb() модуля net/ipv6/ip6_output.c реализации протокола IPv6 ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 14%

0.0023

Низкий

5.5 Medium

CVSS3