Security tracker / CVE-2024-36009

CVE-2024-36009

ax25: Fix netdev refcount issue

References

• Debian security tracker
• cve.org

Notes

 carnil> Introduced in feef318c855a ("ax25: fix UAF bugs of net_device caused by
 carnil> rebinding operation"). Vulnerable versions: 4.14.277 4.19.240 5.4.190 5.10.112
 carnil> 5.15.35 5.17-rc4.

Bugs

Status

Branch	Status
upstream	released (6.9-rc6) [467324bcfe1a31ec65d0cf4aa59421d6b7a7d52b]
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	N/A "Fixed before branching point"
6.12-upstream-stable	N/A "Fixed before branching point"
6.8-upstream-stable	released (6.8.9) [c42b073d9af4a5329b25b17390c63ab3847f30e8]
6.6-upstream-stable	released (6.6.30) [4fee8fa86a15d7790268eea458b1aec69c695530]
6.1-upstream-stable	released (6.1.90) [0d14f104027e30720582448706c7d6b43065c851]
5.10-upstream-stable	needed
sid	released (6.8.9-1)
6.12-trixie-security	N/A "Fixed before branching point"
6.1-bookworm-security	released (6.1.90-1)
5.10-bullseye-security	needed