Critical severity9.8NVD Advisory· Published Jun 19, 2024· Updated May 12, 2026

CVE-2024-38612

Description

In the Linux kernel, the following vulnerability has been resolved:

ipv6: sr: fix invalid unregister error path

The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL is not defined. In that case if seg6_hmac_init() fails, the genl_unregister_family() isn't called.

This issue exist since commit 46738b1317e1 ("ipv6: sr: add option to control lwtunnel support"), and commit 5559cea2d5aa ("ipv6: sr: fix possible use-after-free and null-ptr-deref") replaced unregister_pernet_subsys() with genl_unregister_family() in this error path.

Affected products

Linux/Linuxv5
Range: 4.10

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert-portal.siemens.com/productcert/html/ssa-265688.htmlnvd
cert-portal.siemens.com/productcert/html/ssa-398330.htmlnvd
cert-portal.siemens.com/productcert/html/ssa-613116.htmlnvd
lists.debian.org/debian-lts-announce/2024/06/msg00020.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000