[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-36938":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":94,"related":95,"reserved_at":9,"published_at":109,"modified_at":110,"state":111,"summary":112,"references_raw":121,"kevs":148,"epss":149,"epss_history":152,"metrics":399,"affected":405},"CVE-2024-36938","In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue\n\nFix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which\nsyzbot reported [1].\n\n[1]\nBUG: KCSAN: data-race in sk_psock_drop / sk_psock_skb_ingress_enqueue\n\nwrite to 0xffff88814b3278b8 of 8 bytes by task 10724 on cpu 1:\n sk_psock_stop_verdict net/core/skmsg.c:1257 [inline]\n sk_psock_drop+0x13e/0x1f0 net/core/skmsg.c:843\n sk_psock_put include/linux/skmsg.h:459 [inline]\n sock_map_close+0x1a7/0x260 net/core/sock_map.c:1648\n unix_release+0x4b/0x80 net/unix/af_unix.c:1048\n __sock_release net/socket.c:659 [inline]\n sock_close+0x68/0x150 net/socket.c:1421\n __fput+0x2c1/0x660 fs/file_table.c:422\n __fput_sync+0x44/0x60 fs/file_table.c:507\n __do_sys_close fs/open.c:1556 [inline]\n __se_sys_close+0x101/0x1b0 fs/open.c:1541\n __x64_sys_close+0x1f/0x30 fs/open.c:1541\n do_syscall_64+0xd3/0x1d0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nread to 0xffff88814b3278b8 of 8 bytes by task 10713 on cpu 0:\n sk_psock_data_ready include/linux/skmsg.h:464 [inline]\n sk_psock_skb_ingress_enqueue+0x32d/0x390 net/core/skmsg.c:555\n sk_psock_skb_ingress_self+0x185/0x1e0 net/core/skmsg.c:606\n sk_psock_verdict_apply net/core/skmsg.c:1008 [inline]\n sk_psock_verdict_recv+0x3e4/0x4a0 net/core/skmsg.c:1202\n unix_read_skb net/unix/af_unix.c:2546 [inline]\n unix_stream_read_skb+0x9e/0xf0 net/unix/af_unix.c:2682\n sk_psock_verdict_data_ready+0x77/0x220 net/core/skmsg.c:1223\n unix_stream_sendmsg+0x527/0x860 net/unix/af_unix.c:2339\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x140/0x180 net/socket.c:745\n ____sys_sendmsg+0x312/0x410 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x1e9/0x280 net/socket.c:2667\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x46/0x50 net/socket.c:2674\n do_syscall_64+0xd3/0x1d0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nvalue changed: 0xffffffff83d7feb0 -> 0x0000000000000000\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 PID: 10713 Comm: syz-executor.4 Tainted: G        W          6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\n\nPrior to this, commit 4cd12c6065df (\"bpf, sockmap: Fix NULL pointer\ndereference in sk_psock_verdict_data_ready()\") fixed one NULL pointer\nsimilarly due to no protection of saved_data_ready. Here is another\ndifferent caller causing the same issue because of the same reason. So\nwe should protect it with sk_callback_lock read lock because the writer\nside in the sk_psock_drop() uses \"write_lock_bh(&sk->sk_callback_lock);\".\n\nTo avoid errors that could happen in future, I move those two pairs of\nlock into the sk_psock_data_ready(), which is suggested by John Fastabend.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-476","NULL Pointer Dereference","The product dereferences a pointer that it expects to be valid but is NULL.","weakness","Stable","Base","Medium",[],[],[],[],[24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92],{"_key":25},"SUSE-SU-2024:2571-1",{"_key":27},"SUSE-SU-2024:2360-1",{"_key":29},"SUSE-SU-2024:2381-1",{"_key":31},"SUSE-SU-2024:2561-1",{"_key":33},"SUSE-SU-2024:2008-1",{"_key":35},"SUSE-SU-2024:2019-1",{"_key":37},"SUSE-SU-2024:2190-1",{"_key":39},"SUSE-SU-2024:2896-1",{"_key":41},"SUSE-SU-2024:2973-1",{"_key":43},"DSA-5747-1",{"_key":45},"SUSE-SU-2025:20008-1",{"_key":47},"SUSE-SU-2025:20028-1",{"_key":49},"MGASA-2024-0263",{"_key":51},"MGASA-2024-0266",{"_key":53},"DEBIAN-CVE-2024-36938",{"_key":55},"UBUNTU-CVE-2024-36938",{"_key":57},"USN-7159-1",{"_key":59},"USN-7159-2",{"_key":61},"USN-7159-3",{"_key":63},"USN-7159-4",{"_key":65},"USN-7159-5",{"_key":67},"USN-6949-1",{"_key":69},"USN-6949-2",{"_key":71},"USN-6950-1",{"_key":73},"USN-6950-2",{"_key":75},"USN-6950-3",{"_key":77},"USN-6950-4",{"_key":79},"USN-6952-1",{"_key":81},"USN-6952-2",{"_key":83},"USN-6955-1",{"_key":85},"USN-6956-1",{"_key":87},"USN-6957-1",{"_key":89},"USN-7019-1",{"_key":91},"USN-7195-1",{"_key":93},"USN-7195-2",[],[96,97,98,99,100,101,102,103,104,105,106,107,108],{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":45},{"_key":47},{"_key":49},{"_key":51},"2024-05-30T15:29:26.929Z","2026-05-11T20:17:24.694Z","Modified",{"cisa_kev":113,"cisa_ransomware":113,"cisa_vendor":9,"epss_severity":114,"epss_score":115,"severity":116,"severity_score":117,"severity_version":118,"severity_source":119,"severity_vector":120,"severity_status":111},false,"low",0.00018,"medium",5.5,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",[122,127,132,136,140,144],{"url":123,"sources":124,"tags":126},"https://git.kernel.org/stable/c/c0809c128dad4c3413818384eb06a341633db973",[125,119],"cve.org",[],{"url":128,"sources":129,"tags":130},"https://git.kernel.org/stable/c/5965bc7535fb87510b724e5465ccc1a1cf00916d",[125,119],[131],"Patch",{"url":133,"sources":134,"tags":135},"https://git.kernel.org/stable/c/39dc9e1442385d6e9be0b6491ee488dddd55ae27",[125,119],[131],{"url":137,"sources":138,"tags":139},"https://git.kernel.org/stable/c/b397a0ab8582c533ec0c6b732392f141fc364f87",[125,119],[131],{"url":141,"sources":142,"tags":143},"https://git.kernel.org/stable/c/772d5729b5ff0df0d37b32db600ce635b2172f80",[125,119],[131],{"url":145,"sources":146,"tags":147},"https://git.kernel.org/stable/c/6648e613226e18897231ab5e42ffc29e63fa3365",[125,119],[131],[],{"date":150,"score":115,"percentile":151},"2026-06-03",0.04725,[153,157,160,163,166,169,172,175,178,181,183,186,188,190,192,196,199,202,205,208,210,213,215,218,221,224,226,228,231,234,237,240,243,246,249,252,255,258,261,264,266,269,272,275,278,280,283,286,288,291,294,297,300,303,306,308,311,313,315,318,321,324,326,328,330,332,334,337,340,343,346,349,351,353,355,358,361,363,365,368,370,373,376,379,382,385,387,390,393,396],{"date":154,"score":155,"percentile":156},"2025-11-04",0.0001,0.00832,{"date":158,"score":155,"percentile":159},"2025-11-05",0.00841,{"date":161,"score":155,"percentile":162},"2025-11-06",0.00844,{"date":164,"score":155,"percentile":165},"2025-11-07",0.00847,{"date":167,"score":155,"percentile":168},"2025-11-08",0.00845,{"date":170,"score":155,"percentile":171},"2025-11-09",0.00843,{"date":173,"score":155,"percentile":174},"2025-11-10",0.00834,{"date":176,"score":155,"percentile":177},"2025-11-11",0.00838,{"date":179,"score":155,"percentile":180},"2025-11-12",0.00837,{"date":182,"score":155,"percentile":180},"2025-11-13",{"date":184,"score":155,"percentile":185},"2025-11-14",0.00839,{"date":187,"score":155,"percentile":168},"2025-11-15",{"date":189,"score":155,"percentile":171},"2025-11-16",{"date":191,"score":155,"percentile":174},"2025-11-17",{"date":193,"score":194,"percentile":195},"2025-11-18",0.0009,0.21821,{"date":197,"score":194,"percentile":198},"2025-11-19",0.21833,{"date":200,"score":194,"percentile":201},"2025-11-20",0.21842,{"date":203,"score":155,"percentile":204},"2025-11-21",0.00853,{"date":206,"score":155,"percentile":207},"2025-11-22",0.0085,{"date":209,"score":155,"percentile":171},"2025-11-23",{"date":211,"score":155,"percentile":212},"2025-11-24",0.00842,{"date":214,"score":155,"percentile":177},"2025-11-25",{"date":216,"score":155,"percentile":217},"2025-11-26",0.0082,{"date":219,"score":155,"percentile":220},"2025-11-27",0.00818,{"date":222,"score":155,"percentile":223},"2025-11-28",0.00825,{"date":225,"score":155,"percentile":171},"2025-11-29",{"date":227,"score":155,"percentile":168},"2025-11-30",{"date":229,"score":155,"percentile":230},"2025-12-01",0.00867,{"date":232,"score":155,"percentile":233},"2025-12-02",0.00862,{"date":235,"score":155,"percentile":236},"2025-12-03",0.00865,{"date":238,"score":155,"percentile":239},"2025-12-04",0.00849,{"date":241,"score":155,"percentile":242},"2025-12-05",0.00854,{"date":244,"score":155,"percentile":245},"2025-12-06",0.00852,{"date":247,"score":155,"percentile":248},"2025-12-07",0.00856,{"date":250,"score":155,"percentile":251},"2025-12-08",0.00861,{"date":253,"score":155,"percentile":254},"2025-12-09",0.00874,{"date":256,"score":155,"percentile":257},"2025-12-10",0.00885,{"date":259,"score":155,"percentile":260},"2025-12-11",0.00882,{"date":262,"score":155,"percentile":263},"2025-12-12",0.00886,{"date":265,"score":155,"percentile":260},"2025-12-13",{"date":267,"score":155,"percentile":268},"2025-12-14",0.0088,{"date":270,"score":155,"percentile":271},"2025-12-15",0.00878,{"date":273,"score":155,"percentile":274},"2025-12-16",0.00884,{"date":276,"score":155,"percentile":277},"2025-12-17",0.00888,{"date":279,"score":155,"percentile":260},"2025-12-18",{"date":281,"score":155,"percentile":282},"2025-12-19",0.00889,{"date":284,"score":155,"percentile":285},"2025-12-20",0.00887,{"date":287,"score":155,"percentile":282},"2025-12-21",{"date":289,"score":155,"percentile":290},"2025-12-22",0.00893,{"date":292,"score":155,"percentile":293},"2025-12-23",0.0089,{"date":295,"score":155,"percentile":296},"2025-12-24",0.00892,{"date":298,"score":155,"percentile":299},"2025-12-25",0.00897,{"date":301,"score":155,"percentile":302},"2025-12-26",0.00899,{"date":304,"score":155,"percentile":305},"2025-12-27",0.00901,{"date":307,"score":155,"percentile":299},"2025-12-28",{"date":309,"score":155,"percentile":310},"2025-12-29",0.00894,{"date":312,"score":155,"percentile":296},"2025-12-30",{"date":314,"score":155,"percentile":277},"2025-12-31",{"date":316,"score":155,"percentile":317},"2026-01-01",0.00907,{"date":319,"score":155,"percentile":320},"2026-01-02",0.00911,{"date":322,"score":155,"percentile":323},"2026-01-03",0.00912,{"date":325,"score":155,"percentile":285},"2026-01-04",{"date":327,"score":155,"percentile":277},"2026-01-05",{"date":329,"score":155,"percentile":263},"2026-01-06",{"date":331,"score":155,"percentile":285},"2026-01-07",{"date":333,"score":155,"percentile":290},"2026-01-08",{"date":335,"score":155,"percentile":336},"2026-01-09",0.00906,{"date":338,"score":155,"percentile":339},"2026-01-10",0.00772,{"date":341,"score":155,"percentile":342},"2026-01-11",0.00771,{"date":344,"score":155,"percentile":345},"2026-01-12",0.00769,{"date":347,"score":155,"percentile":348},"2026-01-13",0.00768,{"date":350,"score":155,"percentile":348},"2026-01-14",{"date":352,"score":155,"percentile":339},"2026-01-15",{"date":354,"score":155,"percentile":339},"2026-01-16",{"date":356,"score":155,"percentile":357},"2026-01-17",0.00773,{"date":359,"score":155,"percentile":360},"2026-01-18",0.00775,{"date":362,"score":155,"percentile":357},"2026-01-19",{"date":364,"score":155,"percentile":345},"2026-01-20",{"date":366,"score":155,"percentile":367},"2026-01-21",0.00767,{"date":369,"score":155,"percentile":348},"2026-01-22",{"date":371,"score":155,"percentile":372},"2026-01-23",0.00778,{"date":374,"score":155,"percentile":375},"2026-01-24",0.00784,{"date":377,"score":155,"percentile":378},"2026-01-25",0.00785,{"date":380,"score":155,"percentile":381},"2026-01-26",0.00786,{"date":383,"score":155,"percentile":384},"2026-01-27",0.00789,{"date":386,"score":155,"percentile":381},"2026-01-28",{"date":388,"score":155,"percentile":389},"2026-01-29",0.00788,{"date":391,"score":155,"percentile":392},"2026-01-30",0.008,{"date":394,"score":155,"percentile":395},"2026-01-31",0.00808,{"date":397,"score":155,"percentile":398},"2026-02-01",0.00813,[400],{"source":119,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":401,"cvss_v4_0":9},{"baseScore":117,"baseSeverity":402,"vectorString":120,"impactScore":403,"exploitabilityScore":404},"MEDIUM",6,4.6,[406,435],{"ecosystem":9,"name":407,"vendor":408,"product":408,"cpe_part":409,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":410},"Linux","linux","a",[411,418,421,424,427,430,433],{"version":412,"is_range":413,"range_type":125,"version_start":414,"version_start_type":415,"version_end":416,"version_end_type":417,"fixed_in":9},">= 604326b41a6fb9b4a78b6179335decee0365cd8c, \u003C c0809c128dad4c3413818384eb06a341633db973",true,"604326b41a6fb9b4a78b6179335decee0365cd8c","including","c0809c128dad4c3413818384eb06a341633db973","excluding",{"version":419,"is_range":413,"range_type":125,"version_start":414,"version_start_type":415,"version_end":420,"version_end_type":417,"fixed_in":9},">= 604326b41a6fb9b4a78b6179335decee0365cd8c, \u003C 5965bc7535fb87510b724e5465ccc1a1cf00916d","5965bc7535fb87510b724e5465ccc1a1cf00916d",{"version":422,"is_range":413,"range_type":125,"version_start":414,"version_start_type":415,"version_end":423,"version_end_type":417,"fixed_in":9},">= 604326b41a6fb9b4a78b6179335decee0365cd8c, \u003C 39dc9e1442385d6e9be0b6491ee488dddd55ae27","39dc9e1442385d6e9be0b6491ee488dddd55ae27",{"version":425,"is_range":413,"range_type":125,"version_start":414,"version_start_type":415,"version_end":426,"version_end_type":417,"fixed_in":9},">= 604326b41a6fb9b4a78b6179335decee0365cd8c, \u003C b397a0ab8582c533ec0c6b732392f141fc364f87","b397a0ab8582c533ec0c6b732392f141fc364f87",{"version":428,"is_range":413,"range_type":125,"version_start":414,"version_start_type":415,"version_end":429,"version_end_type":417,"fixed_in":9},">= 604326b41a6fb9b4a78b6179335decee0365cd8c, \u003C 772d5729b5ff0df0d37b32db600ce635b2172f80","772d5729b5ff0df0d37b32db600ce635b2172f80",{"version":431,"is_range":413,"range_type":125,"version_start":414,"version_start_type":415,"version_end":432,"version_end_type":417,"fixed_in":9},">= 604326b41a6fb9b4a78b6179335decee0365cd8c, \u003C 6648e613226e18897231ab5e42ffc29e63fa3365","6648e613226e18897231ab5e42ffc29e63fa3365",{"version":434,"is_range":113,"range_type":125,"version_start":434,"version_start_type":415,"version_end":434,"version_end_type":415,"fixed_in":9},"4.20",{"ecosystem":9,"name":436,"vendor":408,"product":437,"cpe_part":438,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":439},"linux kernel","linux_kernel","o",[440,444,448,452],{"version":441,"is_range":413,"range_type":442,"version_start":434,"version_start_type":415,"version_end":443,"version_end_type":417,"fixed_in":9},"gte4.20_lt5.15.159","cpe","5.15.159",{"version":445,"is_range":413,"range_type":442,"version_start":446,"version_start_type":415,"version_end":447,"version_end_type":417,"fixed_in":9},"gte5.16_lt6.1.91","5.16","6.1.91",{"version":449,"is_range":413,"range_type":442,"version_start":450,"version_start_type":415,"version_end":451,"version_end_type":417,"fixed_in":9},"gte6.2_lt6.6.31","6.2","6.6.31",{"version":453,"is_range":413,"range_type":442,"version_start":454,"version_start_type":415,"version_end":455,"version_end_type":417,"fixed_in":9},"gte6.7_lt6.8.10","6.7","6.8.10"]