[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2024-36008":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":19,"related":20,"reserved_at":9,"published_at":21,"modified_at":22,"state":9,"summary":23,"references_raw":25,"kevs":32,"epss":9,"epss_history":33,"metrics":34,"affected":41},"DEBIAN-CVE-2024-36008","In the Linux kernel, the following vulnerability has been resolved:  ipv4: check for NULL idev in ip_route_use_hint()  syzbot was able to trigger a NULL deref in fib_validate_source() in an old tree [1].  It appears the bug exists in latest trees.  All calls to __in_dev_get_rcu() must be checked for a NULL result.  [1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 2 PID: 3257 Comm: syz-executor.3 Not tainted 5.10.0-syzkaller #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014  RIP: 0010:fib_validate_source+0xbf/0x15a0 net/ipv4/fib_frontend.c:425 Code: 18 f2 f2 f2 f2 42 c7 44 20 23 f3 f3 f3 f3 48 89 44 24 78 42 c6 44 20 27 f3 e8 5d 88 48 fc 4c 89 e8 48 c1 e8 03 48 89 44 24 18 \u003C42> 80 3c 20 00 74 08 4c 89 ef e8 d2 15 98 fc 48 89 5c 24 10 41 bf RSP: 0018:ffffc900015fee40 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88800f7a4000 RCX: ffff88800f4f90c0 RDX: 0000000000000000 RSI: 0000000004001eac RDI: ffff8880160c64c0 RBP: ffffc900015ff060 R08: 0000000000000000 R09: ffff88800f7a4000 R10: 0000000000000002 R11: ffff88800f4f90c0 R12: dffffc0000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88800f7a4000 FS:  00007f938acfe6c0(0000) GS:ffff888058c00000(0000) knlGS:0000000000000000 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f938acddd58 CR3: 000000001248e000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace:   ip_route_use_hint+0x410/0x9b0 net/ipv4/route.c:2231   ip_rcv_finish_core+0x2c4/0x1a30 net/ipv4/ip_input.c:327   ip_list_rcv_finish net/ipv4/ip_input.c:612 [inline]   ip_sublist_rcv+0x3ed/0xe50 net/ipv4/ip_input.c:638   ip_list_rcv+0x422/0x470 net/ipv4/ip_input.c:673   __netif_receive_skb_list_ptype net/core/dev.c:5572 [inline]   __netif_receive_skb_list_core+0x6b1/0x890 net/core/dev.c:5620   __netif_receive_skb_list net/core/dev.c:5672 [inline]   netif_receive_skb_list_internal+0x9f9/0xdc0 net/core/dev.c:5764   netif_receive_skb_list+0x55/0x3e0 net/core/dev.c:5816   xdp_recv_frames net/bpf/test_run.c:257 [inline]   xdp_test_run_batch net/bpf/test_run.c:335 [inline]   bpf_test_run_xdp_live+0x1818/0x1d00 net/bpf/test_run.c:363   bpf_prog_test_run_xdp+0x81f/0x1170 net/bpf/test_run.c:1376   bpf_prog_test_run+0x349/0x3c0 kernel/bpf/syscall.c:3736   __sys_bpf+0x45c/0x710 kernel/bpf/syscall.c:5115   __do_sys_bpf kernel/bpf/syscall.c:5201 [inline]   __se_sys_bpf kernel/bpf/syscall.c:5199 [inline]   __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5199",null,[],[],[],[14],{"_key":15},"CVE-2024-36008",[17],{"_key":18},"DLA-3842-1",[],[],"2024-05-20T10:15:14.703Z","2026-04-28T20:28:03.597065Z",{"cisa_kev":24,"cisa_ransomware":24,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[26],{"url":27,"sources":28,"tags":30},"https://security-tracker.debian.org/tracker/CVE-2024-36008",[29],"osv_debian",[31],"Advisory",[],[],[35],{"source":29,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":36,"cvss_v4_0":9},{"baseScore":37,"baseSeverity":9,"vectorString":38,"impactScore":39,"exploitabilityScore":40},5.5,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",6,4.6,[42],{"ecosystem":43,"name":44,"vendor":45,"product":44,"cpe_part":9,"purl_type":46,"purl_namespace":45,"purl_name":44,"source":9,"versions":47},"Debian","linux","debian","deb",[48,54,57,60],{"version":49,"is_range":50,"range_type":51,"version_start":9,"version_start_type":9,"version_end":52,"version_end_type":53,"fixed_in":9},"lt5_10_216_1",true,"ecosystem","5.10.216-1","excluding",{"version":55,"is_range":50,"range_type":51,"version_start":9,"version_start_type":9,"version_end":56,"version_end_type":53,"fixed_in":9},"lt6_1_90_1","6.1.90-1",{"version":58,"is_range":50,"range_type":51,"version_start":9,"version_start_type":9,"version_end":59,"version_end_type":53,"fixed_in":9},"lt6_8_9_1","6.8.9-1",{"version":58,"is_range":50,"range_type":51,"version_start":9,"version_start_type":9,"version_end":59,"version_end_type":53,"fixed_in":9}]