CVE-2024-27396 - Vulnerability Details

Vendors	Products
Debian	Debian Linux
Linux	Linux Kernel

Link	Providers
https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58
https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd
https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29
https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6
https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07
https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7
https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474
https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://lore.kernel.org/linux-cve-announce/2024050837-CVE-2024-27396-e9af@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-27396
https://www.cve.org/CVERecord?id=CVE-2024-27396

Type	Values Removed	Values Added
First Time appeared		Debian Debian debian Linux Linux Linux linux Kernel
CPEs		cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.9:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc5::::::
Vendors & Products		Debian Debian debian Linux Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Weaknesses		CWE-416

Show plain JSON

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-27396", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-25T13:47:42.677Z", "datePublished": "2024-05-09T16:37:18.867Z", "dateUpdated": "2025-05-04T12:55:30.840Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:55:30.840Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gtp: Fix Use-After-Free in gtp_dellink\n\nSince call_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof gtp_dellink, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\n\nTo prevent this, it should be changed to hlist_for_each_entry_safe."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/gtp.c"], "versions": [{"version": "043a283d24f40fea4c8a8d06b0e2694c8e372200", "lessThan": "07b20d0a3dc13fb1adff10b60021a4924498da58", "status": "affected", "versionType": "git"}, {"version": "c185e1d6e2752a4b656c3ca878c525fa11f55757", "lessThan": "718df1bc226c383dd803397d7f5d95557eb81ac7", "status": "affected", "versionType": "git"}, {"version": "94dc550a5062030569d4aa76e10e50c8fc001930", "lessThan": "0caff3e6390f840666b8dc1ecebf985c2ef3f1dd", "status": "affected", "versionType": "git"}, {"version": "94dc550a5062030569d4aa76e10e50c8fc001930", "lessThan": "2e74b3fd6bf542349758f283676dff3660327c07", "status": "affected", "versionType": "git"}, {"version": "94dc550a5062030569d4aa76e10e50c8fc001930", "lessThan": "25a1c2d4b1fcf938356a9688a96a6456abd44b29", "status": "affected", "versionType": "git"}, {"version": "94dc550a5062030569d4aa76e10e50c8fc001930", "lessThan": "2aacd4de45477582993f8a8abb9505a06426bfb6", "status": "affected", "versionType": "git"}, {"version": "94dc550a5062030569d4aa76e10e50c8fc001930", "lessThan": "cd957d1716ec979d8f5bf38fc659aeb9fdaa2474", "status": "affected", "versionType": "git"}, {"version": "94dc550a5062030569d4aa76e10e50c8fc001930", "lessThan": "f2a904107ee2b647bb7794a1a82b67740d7c8a64", "status": "affected", "versionType": "git"}, {"version": "a29c4303930bc0c25ae6a4f365dcdef71447b4ea", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/gtp.c"], "versions": [{"version": "5.5", "status": "affected"}, {"version": "0", "lessThan": "5.5", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.313", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.275", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.216", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.158", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.90", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.30", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.9", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19.93", "versionEndExcluding": "4.19.313"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.8", "versionEndExcluding": "5.4.275"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.10.216"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.15.158"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "6.1.90"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "6.6.30"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "6.8.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "6.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14.162"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58"}, {"url": "https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7"}, {"url": "https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd"}, {"url": "https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07"}, {"url": "https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29"}, {"url": "https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6"}, {"url": "https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474"}, {"url": "https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64"}], "title": "net: gtp: Fix Use-After-Free in gtp_dellink", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27396", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-28T15:23:40.567279Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:47:11.173Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.256Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

cveMetadata : { »

cveId : CVE-2024-27396 (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

state : PUBLISHED (string)

assignerShortName : Linux (string)

dateReserved : 2024-02-25T13:47:42.677Z (string)

datePublished : 2024-05-09T16:37:18.867Z (string)

dateUpdated : 2025-05-04T12:55:30.840Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T12:55:30.840Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in gtp_dellink Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. To prevent this, it should be changed to hlist_for_each_entry_safe. (string)

}

]

affected : [ »

0 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : unaffected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : drivers/net/gtp.c (string)

]

versions : [ »

0 : { »

version : 043a283d24f40fea4c8a8d06b0e2694c8e372200 (string)

lessThan : 07b20d0a3dc13fb1adff10b60021a4924498da58 (string)

status : affected (string)

versionType : git (string)

}

1 : { »

version : c185e1d6e2752a4b656c3ca878c525fa11f55757 (string)

lessThan : 718df1bc226c383dd803397d7f5d95557eb81ac7 (string)

status : affected (string)

versionType : git (string)

}

2 : { »

version : 94dc550a5062030569d4aa76e10e50c8fc001930 (string)

lessThan : 0caff3e6390f840666b8dc1ecebf985c2ef3f1dd (string)

status : affected (string)

versionType : git (string)

}

3 : { »

version : 94dc550a5062030569d4aa76e10e50c8fc001930 (string)

lessThan : 2e74b3fd6bf542349758f283676dff3660327c07 (string)

status : affected (string)

versionType : git (string)

}

4 : { »

version : 94dc550a5062030569d4aa76e10e50c8fc001930 (string)

lessThan : 25a1c2d4b1fcf938356a9688a96a6456abd44b29 (string)

status : affected (string)

versionType : git (string)

}

5 : { »

version : 94dc550a5062030569d4aa76e10e50c8fc001930 (string)

lessThan : 2aacd4de45477582993f8a8abb9505a06426bfb6 (string)

status : affected (string)

versionType : git (string)

}

6 : { »

version : 94dc550a5062030569d4aa76e10e50c8fc001930 (string)

lessThan : cd957d1716ec979d8f5bf38fc659aeb9fdaa2474 (string)

status : affected (string)

versionType : git (string)

}

7 : { »

version : 94dc550a5062030569d4aa76e10e50c8fc001930 (string)

lessThan : f2a904107ee2b647bb7794a1a82b67740d7c8a64 (string)

status : affected (string)

versionType : git (string)

}

8 : { »

version : a29c4303930bc0c25ae6a4f365dcdef71447b4ea (string)

status : affected (string)

versionType : git (string)

}

]

}

1 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : affected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : drivers/net/gtp.c (string)

]

versions : [ »

0 : { »

version : 5.5 (string)

status : affected (string)

}

1 : { »

version : 0 (string)

lessThan : 5.5 (string)

status : unaffected (string)

versionType : semver (string)

}

2 : { »

version : 4.19.313 (string)

lessThanOrEqual : 4.19.* (string)

status : unaffected (string)

versionType : semver (string)

}

3 : { »

version : 5.4.275 (string)

lessThanOrEqual : 5.4.* (string)

status : unaffected (string)

versionType : semver (string)

}

4 : { »

version : 5.10.216 (string)

lessThanOrEqual : 5.10.* (string)

status : unaffected (string)

versionType : semver (string)

}

5 : { »

version : 5.15.158 (string)

lessThanOrEqual : 5.15.* (string)

status : unaffected (string)

versionType : semver (string)

}

6 : { »

version : 6.1.90 (string)

lessThanOrEqual : 6.1.* (string)

status : unaffected (string)

versionType : semver (string)

}

7 : { »

version : 6.6.30 (string)

lessThanOrEqual : 6.6.* (string)

status : unaffected (string)

versionType : semver (string)

}

8 : { »

version : 6.8.9 (string)

lessThanOrEqual : 6.8.* (string)

status : unaffected (string)

versionType : semver (string)

}

9 : { »

version : 6.9 (string)

lessThanOrEqual : * (string)

status : unaffected (string)

versionType : original_commit_for_fix (string)

}

]

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

operator : OR (string)

negate : false (boolean)

cpeMatch : [ »

0 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.19.93 (string)

versionEndExcluding : 4.19.313 (string)

}

1 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.4.8 (string)

versionEndExcluding : 5.4.275 (string)

}

2 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.5 (string)

versionEndExcluding : 5.10.216 (string)

}

3 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.5 (string)

versionEndExcluding : 5.15.158 (string)

}

4 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.5 (string)

versionEndExcluding : 6.1.90 (string)

}

5 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.5 (string)

versionEndExcluding : 6.6.30 (string)

}

6 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.5 (string)

versionEndExcluding : 6.8.9 (string)

}

7 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.5 (string)

versionEndExcluding : 6.9 (string)

}

8 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 4.14.162 (string)

}

]

}

]

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58 (string)

}

1 : { »

url : https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd (string)

}

3 : { »

url : https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07 (string)

}

4 : { »

url : https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29 (string)

}

5 : { »

url : https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6 (string)

}

6 : { »

url : https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474 (string)

}

7 : { »

url : https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64 (string)

}

]

title : net: gtp: Fix Use-After-Free in gtp_dellink (string)

x_generator : { »

engine : bippy-1.2.0 (string)

}

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-27396 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-05-28T15:23:40.567279Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-06-04T17:47:11.173Z (string)

}

1 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T00:34:52.256Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29 (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6 (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474 (string)

tags : [ »

0 : x_transferred (string)

]

}

7 : { »

url : https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64 (string)

tags : [ »

0 : x_transferred (string)

]

}

8 : { »

url : https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html (string)

tags : [ »

0 : x_transferred (string)

]

}

9 : { »

url : https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.256Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27396", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-28T15:23:40.567279Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-28T15:23:45.736Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "net: gtp: Fix Use-After-Free in gtp_dellink", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "043a283d24f40fea4c8a8d06b0e2694c8e372200", "lessThan": "07b20d0a3dc13fb1adff10b60021a4924498da58", "versionType": "git"}, {"status": "affected", "version": "c185e1d6e2752a4b656c3ca878c525fa11f55757", "lessThan": "718df1bc226c383dd803397d7f5d95557eb81ac7", "versionType": "git"}, {"status": "affected", "version": "94dc550a5062030569d4aa76e10e50c8fc001930", "lessThan": "0caff3e6390f840666b8dc1ecebf985c2ef3f1dd", "versionType": "git"}, {"status": "affected", "version": "94dc550a5062030569d4aa76e10e50c8fc001930", "lessThan": "2e74b3fd6bf542349758f283676dff3660327c07", "versionType": "git"}, {"status": "affected", "version": "94dc550a5062030569d4aa76e10e50c8fc001930", "lessThan": "25a1c2d4b1fcf938356a9688a96a6456abd44b29", "versionType": "git"}, {"status": "affected", "version": "94dc550a5062030569d4aa76e10e50c8fc001930", "lessThan": "2aacd4de45477582993f8a8abb9505a06426bfb6", "versionType": "git"}, {"status": "affected", "version": "94dc550a5062030569d4aa76e10e50c8fc001930", "lessThan": "cd957d1716ec979d8f5bf38fc659aeb9fdaa2474", "versionType": "git"}, {"status": "affected", "version": "94dc550a5062030569d4aa76e10e50c8fc001930", "lessThan": "f2a904107ee2b647bb7794a1a82b67740d7c8a64", "versionType": "git"}], "programFiles": ["drivers/net/gtp.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.5"}, {"status": "unaffected", "version": "0", "lessThan": "5.5", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.313", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.275", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.216", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.158", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.90", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.30", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.9", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/gtp.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58"}, {"url": "https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7"}, {"url": "https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd"}, {"url": "https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07"}, {"url": "https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29"}, {"url": "https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6"}, {"url": "https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474"}, {"url": "https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gtp: Fix Use-After-Free in gtp_dellink\n\nSince call_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof gtp_dellink, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\n\nTo prevent this, it should be changed to hlist_for_each_entry_safe."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:54:12.776Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27396", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:54:12.776Z", "dateReserved": "2024-02-25T13:47:42.677Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-09T16:37:18.867Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29 (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6 (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474 (string)

tags : [ »

0 : x_transferred (string)

]

}

7 : { »

url : https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64 (string)

tags : [ »

0 : x_transferred (string)

]

}

8 : { »

url : https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html (string)

tags : [ »

0 : x_transferred (string)

]

}

9 : { »

url : https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T00:34:52.256Z (string)

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-27396 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-05-28T15:23:40.567279Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-05-28T15:23:45.736Z (string)

}

title : CISA ADP Vulnrichment (string)

}

]

cna : { »

title : net: gtp: Fix Use-After-Free in gtp_dellink (string)

affected : [ »

0 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 043a283d24f40fea4c8a8d06b0e2694c8e372200 (string)

lessThan : 07b20d0a3dc13fb1adff10b60021a4924498da58 (string)

versionType : git (string)

}

1 : { »

status : affected (string)

version : c185e1d6e2752a4b656c3ca878c525fa11f55757 (string)

lessThan : 718df1bc226c383dd803397d7f5d95557eb81ac7 (string)

versionType : git (string)

}

2 : { »

status : affected (string)

version : 94dc550a5062030569d4aa76e10e50c8fc001930 (string)

lessThan : 0caff3e6390f840666b8dc1ecebf985c2ef3f1dd (string)

versionType : git (string)

}

3 : { »

status : affected (string)

version : 94dc550a5062030569d4aa76e10e50c8fc001930 (string)

lessThan : 2e74b3fd6bf542349758f283676dff3660327c07 (string)

versionType : git (string)

}

4 : { »

status : affected (string)

version : 94dc550a5062030569d4aa76e10e50c8fc001930 (string)

lessThan : 25a1c2d4b1fcf938356a9688a96a6456abd44b29 (string)

versionType : git (string)

}

5 : { »

status : affected (string)

version : 94dc550a5062030569d4aa76e10e50c8fc001930 (string)

lessThan : 2aacd4de45477582993f8a8abb9505a06426bfb6 (string)

versionType : git (string)

}

6 : { »

status : affected (string)

version : 94dc550a5062030569d4aa76e10e50c8fc001930 (string)

lessThan : cd957d1716ec979d8f5bf38fc659aeb9fdaa2474 (string)

versionType : git (string)

}

7 : { »

status : affected (string)

version : 94dc550a5062030569d4aa76e10e50c8fc001930 (string)

lessThan : f2a904107ee2b647bb7794a1a82b67740d7c8a64 (string)

versionType : git (string)

}

]

programFiles : [ »

0 : drivers/net/gtp.c (string)

]

defaultStatus : unaffected (string)

}

1 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 5.5 (string)

}

1 : { »

status : unaffected (string)

version : 0 (string)

lessThan : 5.5 (string)

versionType : semver (string)

}

2 : { »

status : unaffected (string)

version : 4.19.313 (string)

versionType : semver (string)

lessThanOrEqual : 4.19.* (string)

}

3 : { »

status : unaffected (string)

version : 5.4.275 (string)

versionType : semver (string)

lessThanOrEqual : 5.4.* (string)

}

4 : { »

status : unaffected (string)

version : 5.10.216 (string)

versionType : semver (string)

lessThanOrEqual : 5.10.* (string)

}

5 : { »

status : unaffected (string)

version : 5.15.158 (string)

versionType : semver (string)

lessThanOrEqual : 5.15.* (string)

}

6 : { »

status : unaffected (string)

version : 6.1.90 (string)

versionType : semver (string)

lessThanOrEqual : 6.1.* (string)

}

7 : { »

status : unaffected (string)

version : 6.6.30 (string)

versionType : semver (string)

lessThanOrEqual : 6.6.* (string)

}

8 : { »

status : unaffected (string)

version : 6.8.9 (string)

versionType : semver (string)

lessThanOrEqual : 6.8.* (string)

}

9 : { »

status : unaffected (string)

version : 6.9 (string)

versionType : original_commit_for_fix (string)

lessThanOrEqual : * (string)

}

]

programFiles : [ »

0 : drivers/net/gtp.c (string)

]

defaultStatus : affected (string)

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58 (string)

}

1 : { »

url : https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd (string)

}

3 : { »

url : https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07 (string)

}

4 : { »

url : https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29 (string)

}

5 : { »

url : https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6 (string)

}

6 : { »

url : https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474 (string)

}

7 : { »

url : https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64 (string)

}

]

x_generator : { »

engine : bippy-5f407fcff5a0 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in gtp_dellink Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. To prevent this, it should be changed to hlist_for_each_entry_safe. (string)

}

]

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2024-12-19T08:54:12.776Z (string)

}

cveMetadata : { »

cveId : CVE-2024-27396 (string)

state : PUBLISHED (string)

dateUpdated : 2024-12-19T08:54:12.776Z (string)

dateReserved : 2024-02-25T13:47:42.677Z (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

datePublished : 2024-05-09T16:37:18.867Z (string)

assignerShortName : Linux (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8E34938-B599-4B3F-9871-2341E248D9A4", "versionEndExcluding": "4.15", "versionStartIncluding": "4.14.162", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8186A8B1-49E7-44C9-8D09-6B053D4BDCBD", "versionEndExcluding": "4.19.313", "versionStartIncluding": "4.19.93", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08BA6295-1810-4C9A-B4D8-E799A4533B19", "versionEndExcluding": "5.4.275", "versionStartIncluding": "5.4.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A44ABF89-F1BD-4C9A-895D-7596650DCD27", "versionEndExcluding": "5.10.216", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "65D80EF6-76AF-4186-B680-55516EA42EED", "versionEndExcluding": "5.15.158", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "59CEDDCF-5C0D-4939-9CFE-2F4524892DD3", "versionEndExcluding": "6.1.90", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "84046DAF-73CF-429D-9BA4-05B658B377B5", "versionEndExcluding": "6.6.30", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F9041E5-8358-4EF7-8F98-B812EDE49612", "versionEndExcluding": "6.8.9", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*", "matchCriteriaId": "A06B2CCF-3F43-4FA9-8773-C83C3F5764B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*", "matchCriteriaId": "F850DCEC-E08B-4317-A33B-D2DCF39F601B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gtp: Fix Use-After-Free in gtp_dellink\n\nSince call_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof gtp_dellink, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\n\nTo prevent this, it should be changed to hlist_for_each_entry_safe."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: gtp: corrige Use-After-Free en gtp_dellink Dado que call_rcu, que se llama en el recorrido hlist_for_each_entry_rcu de gtp_dellink, no forma parte de la secci\u00f3n cr\u00edtica de lectura de RCU, es posible que el per\u00edodo de gracia de RCU pasar\u00e1 durante el recorrido y la clave quedar\u00e1 libre. Para evitar esto, se debe cambiar a hlist_for_each_entry_safe."}], "id": "CVE-2024-27396", "lastModified": "2025-01-14T14:26:09.117", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-14T15:12:27.983", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D8E34938-B599-4B3F-9871-2341E248D9A4 (string)

versionEndExcluding : 4.15 (string)

versionStartIncluding : 4.14.162 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8186A8B1-49E7-44C9-8D09-6B053D4BDCBD (string)

versionEndExcluding : 4.19.313 (string)

versionStartIncluding : 4.19.93 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 08BA6295-1810-4C9A-B4D8-E799A4533B19 (string)

versionEndExcluding : 5.4.275 (string)

versionStartIncluding : 5.4.8 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A44ABF89-F1BD-4C9A-895D-7596650DCD27 (string)

versionEndExcluding : 5.10.216 (string)

versionStartIncluding : 5.5 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 65D80EF6-76AF-4186-B680-55516EA42EED (string)

versionEndExcluding : 5.15.158 (string)

versionStartIncluding : 5.11 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 59CEDDCF-5C0D-4939-9CFE-2F4524892DD3 (string)

versionEndExcluding : 6.1.90 (string)

versionStartIncluding : 5.16 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 84046DAF-73CF-429D-9BA4-05B658B377B5 (string)

versionEndExcluding : 6.6.30 (string)

versionStartIncluding : 6.2 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 5F9041E5-8358-4EF7-8F98-B812EDE49612 (string)

versionEndExcluding : 6.8.9 (string)

versionStartIncluding : 6.7 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 22BEDD49-2C6D-402D-9DBF-6646F6ECD10B (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:* (string)

matchCriteriaId : DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:* (string)

matchCriteriaId : 52048DDA-FC5A-4363-95A0-A6357B4D7F8C (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:* (string)

matchCriteriaId : A06B2CCF-3F43-4FA9-8773-C83C3F5764B2 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:* (string)

matchCriteriaId : F850DCEC-E08B-4317-A33B-D2DCF39F601B (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 07B237A9-69A3-4A9C-9DA0-4E06BD37AE73 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in gtp_dellink Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. To prevent this, it should be changed to hlist_for_each_entry_safe. (string)

}

1 : { »

lang : es (string)

value : En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: gtp: corrige Use-After-Free en gtp_dellink Dado que call_rcu, que se llama en el recorrido hlist_for_each_entry_rcu de gtp_dellink, no forma parte de la sección crítica de lectura de RCU, es posible que el período de gracia de RCU pasará durante el recorrido y la clave quedará libre. Para evitar esto, se debe cambiar a hlist_for_each_entry_safe. (string)

}

]

id : CVE-2024-27396 (string)

lastModified : 2025-01-14T14:26:09.117 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2024-05-14T15:12:27.983 (string)

references : [ »

0 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58 (string)

}

1 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd (string)

}

2 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29 (string)

}

3 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6 (string)

}

4 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07 (string)

}

5 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7 (string)

}

6 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474 (string)

}

7 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/25a1c2d4b1fcf938356a9688a96a6456abd44b29 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/2aacd4de45477582993f8a8abb9505a06426bfb6 (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff3660327c07 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7 (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/cd957d1716ec979d8f5bf38fc659aeb9fdaa2474 (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/f2a904107ee2b647bb7794a1a82b67740d7c8a64 (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

]

url : https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

]

url : https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html (string)

}

]

sourceIdentifier : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

vulnStatus : Analyzed (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-416 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"bugzilla": {"description": "kernel: net: gtp: Fix Use-After-Free in gtp_dellink", "id": "2280437", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280437"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: gtp: Fix Use-After-Free in gtp_dellink\nSince call_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof gtp_dellink, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\nTo prevent this, it should be changed to hlist_for_each_entry_safe.", "A use-after-free vulnerability was found in the GPRS Tunneling Protocol (GTP) subsystem of the Linux kernel. This issue arises from improper management of memory resources in the gtp_dellink function. This flaw allows an attacker with local access or network capabilities to execute arbitrary code or crash the system, leading to potential system compromise or denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-27396", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-27396\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27396\nhttps://lore.kernel.org/linux-cve-announce/2024050837-CVE-2024-27396-e9af@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}

{

bugzilla : { »

description : kernel: net: gtp: Fix Use-After-Free in gtp_dellink (string)

id : 2280437 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2280437 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 5.5 (string)

cvss3_scoring_vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

status : draft (string)

}

cwe : CWE-416 (string)

details : [ »

0 : In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in gtp_dellink Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. To prevent this, it should be changed to hlist_for_each_entry_safe. (string)

1 : A use-after-free vulnerability was found in the GPRS Tunneling Protocol (GTP) subsystem of the Linux kernel. This issue arises from improper management of memory resources in the gtp_dellink function. This flaw allows an attacker with local access or network capabilities to execute arbitrary code or crash the system, leading to potential system compromise or denial of service. (string)

]

mitigation : { »

lang : en:us (string)

value : Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. (string)

}

name : CVE-2024-27396 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

4 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Not affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

5 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

6 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Not affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

]

public_date : 2024-05-08T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2024-27396 https://nvd.nist.gov/vuln/detail/CVE-2024-27396 https://lore.kernel.org/linux-cve-announce/2024050837-CVE-2024-27396-e9af@gregkh/T (string)

]

statement : Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions. (string)

threat_severity : Moderate (string)

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object