CVE-2024-36902: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() syzbot is able to trigger the following crash [1], caused by unsafe ip6_dst_idev() use. Indeed ip6_dst_idev() can return NULL, and must always be checked. [1] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 0 PID: 31648 Comm: syz-executor.0 Not tainted 6.9.0-rc4-next-20240417-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:__fib6_rule_action net/ipv6/fib6_rules.c:237 [inline] RIP: 0010:fib6_rule_action+0x241/0x7b0 net/ipv6/fib6_rules.c:267 Code: 02 00 00 49 8d 9f d8 00 00 00 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 f9 32 bf f7 48 8b 1b 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 e0 32 bf f7 4c 8b 03 48 89 ef 4c RSP: 0018:ffffc9000fc1f2f0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1a772f98c8186700 RDX: 0000000000000003 RSI: ffffffff8bcac4e0 RDI: ffffffff8c1f9760 RBP: ffff8880673fb980 R08: ffffffff8fac15ef R09: 1ffffffff1f582bd R10: dffffc0000000000 R11: fffffbfff1f582be R12: dffffc0000000000 R13: 0000000000000080 R14: ffff888076509000 R15: ffff88807a029a00 FS: 00007f55e82ca6c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b31d23000 CR3: 0000000022b66000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> fib_rules_lookup+0x62c/0xdb0 net/core/fib_rules.c:317 fib6_rule_lookup+0x1fd/0x790 net/ipv6/fib6_rules.c:108 ip6_route_output_flags_noref net/ipv6/route.c:2637 [inline] ip6_route_output_flags+0x38e/0x610 net/ipv6/route.c:2649 ip6_route_output include/net/ip6_route.h:93 [inline] ip6_dst_lookup_tail+0x189/0x11a0 net/ipv6/ip6_output.c:1120 ip6_dst_lookup_flow+0xb9/0x180 net/ipv6/ip6_output.c:1250 sctp_v6_get_dst+0x792/0x1e20 net/sctp/ipv6.c:326 sctp_transport_route+0x12c/0x2e0 net/sctp/transport.c:455 sctp_assoc_add_peer+0x614/0x15c0 net/sctp/associola.c:662 sctp_connect_new_asoc+0x31d/0x6c0 net/sctp/socket.c:1099 __sctp_connect+0x66d/0xe30 net/sctp/socket.c:1197 sctp_connect net/sctp/socket.c:4819 [inline] sctp_inet_connect+0x149/0x1f0 net/sctp/socket.c:4834 __sys_connect_file net/socket.c:2048 [inline] __sys_connect+0x2df/0x310 net/socket.c:2065 __do_sys_connect net/socket.c:2075 [inline] __se_sys_connect net/socket.c:2072 [inline] __x64_sys_connect+0x7a/0x90 net/socket.c:2072 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f
AI Analysis
Technical Summary
CVE-2024-36902 is a vulnerability identified in the Linux kernel's IPv6 networking stack, specifically within the fib6_rules component responsible for IPv6 routing rules. The flaw arises from improper handling of the ip6_dst_idev() function, which can return a NULL pointer under certain conditions. The vulnerable code fails to check for this NULL return value before dereferencing it, leading to a potential NULL pointer dereference and consequent kernel crash (general protection fault). The issue was discovered and reproducible by syzbot, an automated kernel fuzzing tool, which triggered a crash due to unsafe use of ip6_dst_idev(). The vulnerability manifests as a kernel oops and can cause denial of service by crashing the affected system. The technical details indicate the crash occurs in fib6_rule_action() when processing IPv6 routing rules, with a stack trace showing the flow through IPv6 routing and SCTP transport layers. The vulnerability affects Linux kernel versions prior to the patch that ensures ip6_dst_idev() return values are properly checked to avoid NULL dereference. No public exploits are known in the wild at this time, and no CVSS score has been assigned yet. However, the vulnerability is significant because it affects the core Linux kernel networking stack, which is widely used in servers, cloud infrastructure, and embedded devices. The vulnerability requires no authentication but does require triggering specific IPv6 routing conditions that cause the NULL pointer dereference. While exploitation does not lead to privilege escalation or code execution, the resulting kernel crash can cause denial of service and potential disruption of network services relying on IPv6 routing.
Potential Impact
For European organizations, the impact of CVE-2024-36902 can be substantial, especially for enterprises and service providers heavily reliant on Linux-based infrastructure and IPv6 networking. The vulnerability can cause kernel crashes leading to system downtime or service interruptions, affecting availability of critical applications and network services. This is particularly relevant for cloud providers, telecom operators, and data centers in Europe that use Linux kernels in their servers and networking equipment. Disruption of IPv6 routing can degrade network performance or cause outages, impacting business continuity and potentially violating regulatory requirements for service availability. Although the vulnerability does not directly compromise confidentiality or integrity, denial of service in core network components can indirectly affect operational security and trust. Organizations with IPv6-enabled Linux systems must consider the risk of targeted or accidental triggering of this flaw, which could be exploited by attackers or result from malformed network traffic. Given the increasing adoption of IPv6 in Europe, the vulnerability poses a real risk to infrastructure stability and availability.
Mitigation Recommendations
To mitigate CVE-2024-36902, European organizations should promptly apply the official Linux kernel patches that address the NULL pointer dereference by adding proper NULL checks for ip6_dst_idev() return values. Until patches are deployed, organizations can consider the following specific measures: 1) Restrict or monitor IPv6 routing rule modifications and traffic to reduce exposure to malformed or malicious IPv6 packets that could trigger the vulnerability. 2) Employ kernel crash monitoring and automated recovery mechanisms to minimize downtime in case of exploitation. 3) Use network segmentation and firewall rules to limit access to vulnerable systems from untrusted networks. 4) For critical infrastructure, consider temporarily disabling or limiting IPv6 routing features if feasible, to reduce attack surface. 5) Maintain up-to-date kernel versions and subscribe to Linux kernel security advisories to receive timely updates. 6) Conduct internal testing of the patch in staging environments to ensure stability before production deployment. These targeted mitigations go beyond generic advice by focusing on controlling IPv6 routing exposure and ensuring rapid recovery from potential crashes.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Denmark, Italy, Spain
CVE-2024-36902: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() syzbot is able to trigger the following crash [1], caused by unsafe ip6_dst_idev() use. Indeed ip6_dst_idev() can return NULL, and must always be checked. [1] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 0 PID: 31648 Comm: syz-executor.0 Not tainted 6.9.0-rc4-next-20240417-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:__fib6_rule_action net/ipv6/fib6_rules.c:237 [inline] RIP: 0010:fib6_rule_action+0x241/0x7b0 net/ipv6/fib6_rules.c:267 Code: 02 00 00 49 8d 9f d8 00 00 00 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 f9 32 bf f7 48 8b 1b 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 e0 32 bf f7 4c 8b 03 48 89 ef 4c RSP: 0018:ffffc9000fc1f2f0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1a772f98c8186700 RDX: 0000000000000003 RSI: ffffffff8bcac4e0 RDI: ffffffff8c1f9760 RBP: ffff8880673fb980 R08: ffffffff8fac15ef R09: 1ffffffff1f582bd R10: dffffc0000000000 R11: fffffbfff1f582be R12: dffffc0000000000 R13: 0000000000000080 R14: ffff888076509000 R15: ffff88807a029a00 FS: 00007f55e82ca6c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b31d23000 CR3: 0000000022b66000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> fib_rules_lookup+0x62c/0xdb0 net/core/fib_rules.c:317 fib6_rule_lookup+0x1fd/0x790 net/ipv6/fib6_rules.c:108 ip6_route_output_flags_noref net/ipv6/route.c:2637 [inline] ip6_route_output_flags+0x38e/0x610 net/ipv6/route.c:2649 ip6_route_output include/net/ip6_route.h:93 [inline] ip6_dst_lookup_tail+0x189/0x11a0 net/ipv6/ip6_output.c:1120 ip6_dst_lookup_flow+0xb9/0x180 net/ipv6/ip6_output.c:1250 sctp_v6_get_dst+0x792/0x1e20 net/sctp/ipv6.c:326 sctp_transport_route+0x12c/0x2e0 net/sctp/transport.c:455 sctp_assoc_add_peer+0x614/0x15c0 net/sctp/associola.c:662 sctp_connect_new_asoc+0x31d/0x6c0 net/sctp/socket.c:1099 __sctp_connect+0x66d/0xe30 net/sctp/socket.c:1197 sctp_connect net/sctp/socket.c:4819 [inline] sctp_inet_connect+0x149/0x1f0 net/sctp/socket.c:4834 __sys_connect_file net/socket.c:2048 [inline] __sys_connect+0x2df/0x310 net/socket.c:2065 __do_sys_connect net/socket.c:2075 [inline] __se_sys_connect net/socket.c:2072 [inline] __x64_sys_connect+0x7a/0x90 net/socket.c:2072 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f
AI-Powered Analysis
Technical Analysis
CVE-2024-36902 is a vulnerability identified in the Linux kernel's IPv6 networking stack, specifically within the fib6_rules component responsible for IPv6 routing rules. The flaw arises from improper handling of the ip6_dst_idev() function, which can return a NULL pointer under certain conditions. The vulnerable code fails to check for this NULL return value before dereferencing it, leading to a potential NULL pointer dereference and consequent kernel crash (general protection fault). The issue was discovered and reproducible by syzbot, an automated kernel fuzzing tool, which triggered a crash due to unsafe use of ip6_dst_idev(). The vulnerability manifests as a kernel oops and can cause denial of service by crashing the affected system. The technical details indicate the crash occurs in fib6_rule_action() when processing IPv6 routing rules, with a stack trace showing the flow through IPv6 routing and SCTP transport layers. The vulnerability affects Linux kernel versions prior to the patch that ensures ip6_dst_idev() return values are properly checked to avoid NULL dereference. No public exploits are known in the wild at this time, and no CVSS score has been assigned yet. However, the vulnerability is significant because it affects the core Linux kernel networking stack, which is widely used in servers, cloud infrastructure, and embedded devices. The vulnerability requires no authentication but does require triggering specific IPv6 routing conditions that cause the NULL pointer dereference. While exploitation does not lead to privilege escalation or code execution, the resulting kernel crash can cause denial of service and potential disruption of network services relying on IPv6 routing.
Potential Impact
For European organizations, the impact of CVE-2024-36902 can be substantial, especially for enterprises and service providers heavily reliant on Linux-based infrastructure and IPv6 networking. The vulnerability can cause kernel crashes leading to system downtime or service interruptions, affecting availability of critical applications and network services. This is particularly relevant for cloud providers, telecom operators, and data centers in Europe that use Linux kernels in their servers and networking equipment. Disruption of IPv6 routing can degrade network performance or cause outages, impacting business continuity and potentially violating regulatory requirements for service availability. Although the vulnerability does not directly compromise confidentiality or integrity, denial of service in core network components can indirectly affect operational security and trust. Organizations with IPv6-enabled Linux systems must consider the risk of targeted or accidental triggering of this flaw, which could be exploited by attackers or result from malformed network traffic. Given the increasing adoption of IPv6 in Europe, the vulnerability poses a real risk to infrastructure stability and availability.
Mitigation Recommendations
To mitigate CVE-2024-36902, European organizations should promptly apply the official Linux kernel patches that address the NULL pointer dereference by adding proper NULL checks for ip6_dst_idev() return values. Until patches are deployed, organizations can consider the following specific measures: 1) Restrict or monitor IPv6 routing rule modifications and traffic to reduce exposure to malformed or malicious IPv6 packets that could trigger the vulnerability. 2) Employ kernel crash monitoring and automated recovery mechanisms to minimize downtime in case of exploitation. 3) Use network segmentation and firewall rules to limit access to vulnerable systems from untrusted networks. 4) For critical infrastructure, consider temporarily disabling or limiting IPv6 routing features if feasible, to reduce attack surface. 5) Maintain up-to-date kernel versions and subscribe to Linux kernel security advisories to receive timely updates. 6) Conduct internal testing of the patch in staging environments to ensure stability before production deployment. These targeted mitigations go beyond generic advice by focusing on controlling IPv6 routing exposure and ensuring rapid recovery from potential crashes.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-05-30T15:25:07.066Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9828c4522896dcbe2610
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 6/29/2025, 9:57:14 AM
Last updated: 8/11/2025, 11:24:05 PM
Views: 18
Related Threats
CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumCVE-2025-54759: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.