CVE-2024-36288

5.5 MEDIUM

📋 TL;DR

This CVE covers an out-of-bounds access in the Linux kernel's SUNRPC code. gss_free_in_token_pages() releases the pages that hold an incoming GSS token by walking in_token->pages[] until it finds a NULL entry, but that array is not NULL-terminated. When every slot is in use the loop runs past the end of the array, treats whatever follows it as page pointers and calls put_page() on them: a wild pointer crashes the kernel, and a stray value that happens to point at a real page drops a reference the token never held. The upstream fix, "SUNRPC: Fix loop termination condition in gss_free_in_token_pages()", bounds the loop by the token's own bookkeeping instead of by a sentinel. Systems running an affected kernel with SUNRPC GSS authentication in use (in practice, Kerberos-secured NFS) are exposed.
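The loop-termination mistake described above, as a constructed user-space model added here; it is not the kernel's code. The names (put_pages_until_null, put_pages_bounded, run_free), the PAGE_SZ constant and the assumption that another owner's page pointers sit directly after the token's array are all stand-ins chosen for the demonstration. The vulnerable walk stops only at a NULL pointer; the corrected walk is bounded by the token's own length:

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the CVE-2024-36288 bug class; not the kernel's code.
 * A token's bytes are spread over fixed-size pages whose pointers sit in an
 * array sized exactly for the token, with no trailing NULL slot. */
#define PAGE_SZ 4096UL	/* stands in for the kernel's PAGE_SIZE */

struct page {
	int refcount;
};

/* Slots the token really owns, derived from its byte length. */
static size_t pages_needed(size_t page_len)
{
	return (page_len + PAGE_SZ - 1) / PAGE_SZ;
}

/* Vulnerable pattern: the only stop condition is a NULL pointer.  When every
 * slot is in use there is none, so the walk continues into whatever follows
 * pages[] and "puts" each non-NULL value it reads.  Returns slots touched. */
static size_t put_pages_until_null(struct page **pages)
{
	size_t i = 0;

	while (pages[i] != NULL) {
		pages[i]->refcount--;	/* stand-in for put_page() */
		i++;
	}
	return i;
}

/* Fixed pattern: bounded by the token's own length, never by memory contents. */
static size_t put_pages_bounded(struct page **pages, size_t page_len)
{
	size_t n = pages_needed(page_len);

	for (size_t i = 0; i < n; i++)
		pages[i]->refcount--;
	return n;
}

#define TOKEN_PAGES 4
#define NEIGHBOUR_PAGES 2

struct free_result {
	size_t touched;		/* pointer slots the loop dereferenced */
	int neighbour_intact;	/* 1 if the other owner's refcounts are unchanged */
};

/* Lays memory out as [token pages][another owner's pages][NULL] so the overrun
 * stays inside one allocation and the demo has defined behaviour.  In the
 * kernel the bytes after pages[] are arbitrary: a wild pointer oopses at once,
 * a valid one silently drops a reference somebody else is relying on. */
static struct free_result run_free(int use_bounded_loop)
{
	struct page token_pages[TOKEN_PAGES];
	struct page neighbour_pages[NEIGHBOUR_PAGES];
	struct page *slab[TOKEN_PAGES + NEIGHBOUR_PAGES + 1];
	size_t page_len = TOKEN_PAGES * PAGE_SZ;	/* fills pages[] exactly */
	struct free_result r = { 0, 1 };
	size_t i;

	for (i = 0; i < TOKEN_PAGES; i++) {
		token_pages[i].refcount = 1;
		slab[i] = &token_pages[i];
	}
	for (i = 0; i < NEIGHBOUR_PAGES; i++) {
		neighbour_pages[i].refcount = 1;
		slab[TOKEN_PAGES + i] = &neighbour_pages[i];
	}
	slab[TOKEN_PAGES + NEIGHBOUR_PAGES] = NULL;

	if (use_bounded_loop)
		r.touched = put_pages_bounded(slab, page_len);
	else
		r.touched = put_pages_until_null(slab);

	for (i = 0; i < NEIGHBOUR_PAGES; i++)
		if (neighbour_pages[i].refcount != 1)
			r.neighbour_intact = 0;
	return r;
}

int main(void)
{
	struct free_result bug = run_free(0);
	struct free_result fix = run_free(1);

	printf("token owns %d slots\n", TOKEN_PAGES);
	printf("NULL-terminated loop touched %zu slots, neighbour intact: %d\n",
	       bug.touched, bug.neighbour_intact);
	printf("length-bounded loop touched %zu slots, neighbour intact: %d\n",
	       fix.touched, fix.neighbour_intact);
	return 0;
}
```

Build with `cc -std=c99 -Wall` and run: the sentinel loop reports touching six slots for a four-page token and the neighbour's refcounts are gone, while the bounded loop touches four and leaves the neighbour alone. The trailing NULL and the neighbour array exist only to keep the demo within defined behaviour; without them the sentinel version is an out-of-bounds read, which is what a KASAN-enabled kernel reports for the real bug.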

💻 Affected Systems

Products:
  • Linux kernel
Versions: The CVE record does not give a version range. The fix was merged upstream and backported to several stable branches (see the referenced stable commit), so treat any kernel that lacks the backport as affected and use your distribution's advisory for the exact fixed build.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only reachable when SUNRPC GSS authentication is actually used, typically NFS secured with Kerberos (sec=krb5, krb5i or krb5p). A kernel that merely ships the auth_rpcgss and rpcsec_gss_krb5 modules is not exposed until something loads and exercises them, which many systems never do.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

A value read past the end of in_token->pages[] is handed to put_page(). At minimum that is a kernel crash and denial of service; if the stray value points at a real page, a reference the token never owned is dropped, which is the raw material for a use-after-free. Privilege escalation is not demonstrated and would have to be chained with other bugs.

🟠

Likely Case

Kernel oops or panic during GSS authentication, taking the affected host (typically an NFS server or client using Kerberos security) down and denying service to everything that depends on it.

🟢

If Mitigated

Minimal impact if SUNRPC/GSS functionality is disabled or not in use.

🌐 Internet-Facing: LOW - SUNRPC/GSS is typically used for internal authentication services like NFS with Kerberos, not directly internet-facing.
🏢 Internal Only: MEDIUM - Internal systems using NFS with Kerberos or other GSS-based authentication could experience service disruption.

🎯 Exploit Status

Public PoC: No
Weaponized: No
Unauthenticated Exploit: No
Complexity: HIGH - the cleanup path has to be reached with in_token->pages[] completely filled, so that no NULL entry stops the loop, and what the overrun then reads depends on adjacent memory, which makes anything beyond a crash hard to control.

Exploitation requires triggering the vulnerable code path during GSS authentication, i.e. while a GSS context is being established over SUNRPC.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with fixes available (see reference commits).

Vendor Advisory: https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad

Restart Required: Yes

Instructions:

1. Update the Linux kernel to the patched version from your distribution vendor.
2. Reboot so the new kernel is actually running; the fix is in kernel code, so installing the package alone changes nothing.
3. Verify the running kernel version after reboot with uname -r.

🔧 Temporary Workarounds

Disable SUNRPC/GSS functionality

linux

If Kerberos-secured RPC is not required, unload the GSS authentication modules and stop them from loading again. rpcsec_gss_krb5 depends on auth_rpcgss, so it must be removed first; the reverse order fails because auth_rpcgss is still in use. modprobe -r also refuses while an active Kerberos NFS mount or export holds the module; the "Used by" column of lsmod shows what has to be stopped first. Two caveats: this does nothing when the GSS code is built into the kernel rather than modular, and a blacklist entry only blocks alias-based autoloading, not an explicit modprobe or a dependency pull-in, so re-check lsmod after the next reboot.

# remove the dependent module first, then the module it depends on
modprobe -r rpcsec_gss_krb5
modprobe -r auth_rpcgss
# keep them from being autoloaded again
echo 'blacklist rpcsec_gss_krb5' >> /etc/modprobe.d/blacklist.conf
echo 'blacklist auth_rpcgss' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Disable NFS services using Kerberos/GSS authentication
  • Implement network segmentation to isolate systems using vulnerable GSS functionality

🔍 How to Verify

Check if Vulnerable:

Confirm the running kernel predates your distribution's fixed build and that the GSS code is present. If it is modular, a loaded module shows up here:

lsmod | grep -E 'auth_rpcgss|rpcsec_gss_krb5'

An empty result does not rule the code out: on kernels where CONFIG_SUNRPC_GSS is built in rather than modular, lsmod cannot show it, so check the build configuration of the running kernel (the /boot/config file matching uname -r) as well.

Check Version:

uname -r

Verify Fix Applied:

After rebooting, confirm that uname -r reports the version your distribution's advisory lists as fixed. The fix is a source change inside the kernel, so a loaded auth_rpcgss module is fine once it comes from the patched kernel; module presence alone says nothing about whether the fix is applied.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops, panic or KASAN out-of-bounds reports whose call trace names gss_free_in_token_pages or other SUNRPC GSS authentication functions
  • Unexplained crash or reboot events on NFS hosts that coincide with Kerberos-authenticated clients establishing GSS contexts

Network Indicators:

  • Failed NFS authentication attempts followed by service disruption

SIEM Query:

source="kernel" AND ("KASAN" OR "SUNRPC" OR "gss") AND ("panic" OR "Oops" OR "BUG")
