[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2024-36901":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":19,"related":20,"reserved_at":9,"published_at":21,"modified_at":22,"state":9,"summary":23,"references_raw":25,"kevs":32,"epss":9,"epss_history":33,"metrics":34,"affected":41},"DEBIAN-CVE-2024-36901","In the Linux kernel, the following vulnerability has been resolved:  ipv6: prevent NULL dereference in ip6_output()  According to syzbot, there is a chance that ip6_dst_idev() returns NULL in ip6_output(). Most places in IPv6 stack deal with a NULL idev just fine, but not here.  syzbot reported:  general protection fault, probably for non-canonical address 0xdffffc00000000bc: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x00000000000005e0-0x00000000000005e7] CPU: 0 PID: 9775 Comm: syz-executor.4 Not tainted 6.9.0-rc5-syzkaller-00157-g6a30653b604a #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024  RIP: 0010:ip6_output+0x231/0x3f0 net/ipv6/ip6_output.c:237 Code: 3c 1e 00 49 89 df 74 08 4c 89 ef e8 19 58 db f7 48 8b 44 24 20 49 89 45 00 49 89 c5 48 8d 9d e0 05 00 00 48 89 d8 48 c1 e8 03 \u003C42> 0f b6 04 38 84 c0 4c 8b 74 24 28 0f 85 61 01 00 00 8b 1b 31 ff RSP: 0018:ffffc9000927f0d8 EFLAGS: 00010202 RAX: 00000000000000bc RBX: 00000000000005e0 RCX: 0000000000040000 RDX: ffffc900131f9000 RSI: 0000000000004f47 RDI: 0000000000004f48 RBP: 0000000000000000 R08: ffffffff8a1f0b9a R09: 1ffffffff1f51fad R10: dffffc0000000000 R11: fffffbfff1f51fae R12: ffff8880293ec8c0 R13: ffff88805d7fc000 R14: 1ffff1100527d91a R15: dffffc0000000000 FS:  00007f135c6856c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000080 CR3: 0000000064096000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace:  \u003CTASK>   NF_HOOK include/linux/netfilter.h:314 [inline]   ip6_xmit+0xefe/0x17f0 net/ipv6/ip6_output.c:358   sctp_v6_xmit+0x9f2/0x13f0 net/sctp/ipv6.c:248   sctp_packet_transmit+0x26ad/0x2ca0 net/sctp/output.c:653   sctp_packet_singleton+0x22c/0x320 net/sctp/outqueue.c:783   sctp_outq_flush_ctrl net/sctp/outqueue.c:914 [inline]   sctp_outq_flush+0x6d5/0x3e20 net/sctp/outqueue.c:1212   sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline]   sctp_do_sm+0x59cc/0x60c0 net/sctp/sm_sideeffect.c:1169   sctp_primitive_ASSOCIATE+0x95/0xc0 net/sctp/primitive.c:73   __sctp_connect+0x9cd/0xe30 net/sctp/socket.c:1234   sctp_connect net/sctp/socket.c:4819 [inline]   sctp_inet_connect+0x149/0x1f0 net/sctp/socket.c:4834   __sys_connect_file net/socket.c:2048 [inline]   __sys_connect+0x2df/0x310 net/socket.c:2065   __do_sys_connect net/socket.c:2075 [inline]   __se_sys_connect net/socket.c:2072 [inline]   __x64_sys_connect+0x7a/0x90 net/socket.c:2072   do_syscall_x64 arch/x86/entry/common.c:52 [inline]   do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83  entry_SYSCALL_64_after_hwframe+0x77/0x7f",null,[],[],[],[14],{"_key":15},"CVE-2024-36901",[17],{"_key":18},"DSA-5747-1",[],[],"2024-05-30T16:15:13.680Z","2026-04-28T20:28:05.789556Z",{"cisa_kev":24,"cisa_ransomware":24,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[26],{"url":27,"sources":28,"tags":30},"https://security-tracker.debian.org/tracker/CVE-2024-36901",[29],"osv_debian",[31],"Advisory",[],[],[35],{"source":29,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":36,"cvss_v4_0":9},{"baseScore":37,"baseSeverity":9,"vectorString":38,"impactScore":39,"exploitabilityScore":40},5.5,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",6,4.6,[42],{"ecosystem":43,"name":44,"vendor":45,"product":44,"cpe_part":9,"purl_type":46,"purl_namespace":45,"purl_name":44,"source":9,"versions":47},"Debian","linux","debian","deb",[48,54,57,60],{"version":49,"is_range":50,"range_type":51,"version_start":9,"version_start_type":9,"version_end":52,"version_end_type":53,"fixed_in":9},"lt5_10_223_1",true,"ecosystem","5.10.223-1","excluding",{"version":55,"is_range":50,"range_type":51,"version_start":9,"version_start_type":9,"version_end":56,"version_end_type":53,"fixed_in":9},"lt6_1_94_1","6.1.94-1",{"version":58,"is_range":50,"range_type":51,"version_start":9,"version_start_type":9,"version_end":59,"version_end_type":53,"fixed_in":9},"lt6_8_11_1","6.8.11-1",{"version":58,"is_range":50,"range_type":51,"version_start":9,"version_start_type":9,"version_end":59,"version_end_type":53,"fixed_in":9}]