Medium severity5.5NVD Advisory· Published Jun 21, 2024· Updated May 12, 2026

CVE-2024-36288

Description

In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: Fix loop termination condition in gss_free_in_token_pages()

The in_token->pages[] array is not NULL terminated. This results in the following KASAN splat:

KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]

No patches discovered yet.

AI mechanics synthesis has not run for this CVE yet.

No linked articles in our index yet.

MediumCVSS v3.1

5.5/ 10

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Probability of exploitation in the next 30 days.

0.01%

Composite of severity, exploitation, and reach.

0.36medium

CVE-2024-36288