Security tracker / CVE-2024-36927

CVE-2024-36927

ipv4: Fix uninit-value access in __ip_make_skb()

References

• Debian security tracker
• cve.org

Notes

 carnil> Introduced in 99e5acae193e ("ipv4: Fix potential uninit variable access bug in
 carnil> __ip_make_skb()"). Vulnerable versions: 4.14.315 4.19.283 5.4.243 5.10.180
 carnil> 5.15.111 6.1.28 6.2.15 6.3.2 6.4-rc1.

Bugs

Status

Branch	Status
upstream	released (6.9-rc7) [fc1092f51567277509563800a3c56732070b6aa4]
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	N/A "Fixed before branching point"
6.12-upstream-stable	N/A "Fixed before branching point"
6.8-upstream-stable	released (6.8.10) [f5c603ad4e6fcf42f84053e882ebe20184bb309e]
6.6-upstream-stable	released (6.6.31) [5db08343ddb1b239320612036c398e4e1bb52818]
6.1-upstream-stable	released (6.1.140) [55bf541e018b76b3750cb6c6ea18c46e1ac5562e]
5.10-upstream-stable	needed
sid	released (6.8.11-1)
6.12-trixie-security	N/A "Fixed before branching point"
6.1-bookworm-security	released (6.1.140-1)
5.10-bullseye-security	needed