Sign in Subscribe

← All advisories

High severity7.8NVD Advisory· Published Sep 4, 2024· Updated Apr 9, 2026

CVE-2024-44986

CVE-2024-44986

Description

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix possible UAF in ip6_finish_output2()

If skb_expand_head() returns NULL, skb has been freed and associated dst/idev could also have been freed.

We need to hold rcu_read_lock() to make sure the dst and associated idev are alive.

Affected products

6

Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Linux/Kernel5 versions
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=5.4.137,<5.4.289
- cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*

Patches

5

e891b36de161

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

3574d28caf9a

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

6ab6bf731354

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

56efc2531967

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

da273b377ae0

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

1

lists.debian.org/debian-lts-announce/2025/01/msg00001.htmlnvdMailing ListThird Party Advisory

News mentions

0

No linked articles in our index yet.