CRITICAL🇵🇱 Wersja polska

CVE-2024-38612

CVSS 9.8v3.1pub. 2024-06-19upd. 2026-05-12

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL is not defined. In that case if seg6_hmac_init() fails, the genl_unregister_family() isn't called. This issue exist since commit 46738b1317e1 ("ipv6: sr: add option to control lwtunnel support"), and commit 5559cea2d5aa ("ipv6: sr: fix possible use-after-free and null-ptr-deref") replaced unregister_pernet_subsys() with genl_unregister_family() in this error path.

🤖 AI Analysis
How it works

When the CONFIG_IPV6_SEG6_LWTUNNEL option is not defined and the seg6_hmac_init() function fails, the error handling path in seg6_init() does not call genl_unregister_family(). This causes an incorrect internal kernel state — resources are not properly freed or unregistered. The bug has existed since commit 46738b1317e1, and the subsequent change (5559cea2d5aa) replaced unregister_pernet_subsys() with a call to genl_unregister_family() in this path, but did not fix the original problem of missing this function call under specific conditions.

Impact

An attacker or incorrect system state can lead to use-after-free or NULL pointer dereference in kernel space, which may result in privilege escalation, disclosure of sensitive data, or system failure (denial of service).

Mitigation & patch

Patches available from the vendor should be applied in accordance with references — fixes have been published in stable Linux kernel branches and are available at the addresses indicated in the CVE references section.

Who is affected

Linux Kernel — versions indicated in vendor references (patches available in stable branches referenced by git.kernel.org)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Linux Kernel

    OS
    Linux
    4.10 – 4.19.316 (bez)4.20 – 5.4.278 (bez)5.5 – 5.10.219 (bez)5.11 – 5.15.161 (bez)5.16 – 6.1.93 (bez)6.2 – 6.6.33 (bez)6.7 – 6.8.12 (bez)6.9 – 6.9.3 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2022-47986CRITICAL9.8⚠ KEVten sam produkt

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on t...

CVE-2022-22954CRITICAL9.8⚠ KEVten sam produkt

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-s...

CVE-2020-4006CRITICAL9.1⚠ KEVten sam produkt

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a...