SB20240608129 - Infinite loop in Linux kernel ipv6
Published: June 8, 2024 Updated: May 13, 2025
Security Bulletin ID
SB20240608129
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Infinite loop (CVE-ID: CVE-2024-35886)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the inet6_dump_fib() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/9472d07cd095cbd3294ac54c42f304a38fbe9bfe
- https://git.kernel.org/stable/c/9c5258196182c25b55c33167cd72fdd9bbf08985
- https://git.kernel.org/stable/c/fd307f2d91d40fa7bc55df3e2cd1253fabf8a2d6
- https://git.kernel.org/stable/c/40a344b2ddc06c1a2caa7208a43911f39c662778
- https://git.kernel.org/stable/c/167d4b47a9bdcb01541dfa29e9f3cbb8edd3dfd2
- https://git.kernel.org/stable/c/f2dd75e57285f49e34af1a5b6cd8945c08243776
- https://git.kernel.org/stable/c/4a7c465a5dcd657d59d25bf4815e19ac05c13061
- https://git.kernel.org/stable/c/d21d40605bca7bd5fc23ef03d4c1ca1f48bc2cae
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.312
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.215
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.154
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.274
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.85
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.26
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.5