CVE-2024-36971

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's networking subsystem: __dst_negative_advice() did not follow the RCU rules required when clearing a socket's cached destination entry. The resulting race in UDP socket handling can be used to crash the system or, potentially, execute arbitrary code in the kernel. All Linux systems running an affected kernel version are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions are not stated in the CVE description; check the kernel commit history for exact ranges
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability specifically affects UDP socket handling and becomes reachable after the kernel commit mentioned in the CVE description.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel memory corruption leading to arbitrary code execution with kernel privileges, resulting in complete system compromise.

🟠 Likely Case: Kernel panic or system crash causing denial of service, potentially leading to privilege escalation in sophisticated attacks.

🟢 If Mitigated: Limited impact with proper network segmentation and minimal UDP services exposed.

🌐 Internet-Facing: MEDIUM - Requires UDP socket access, which is common for internet-facing services such as DNS, NTP, or VPNs.
🏢 Internal Only: MEDIUM - Internal systems running UDP services could be targeted by authenticated attackers.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires winning a race condition and having UDP socket access

Exploitation requires UDP socket access and precise timing to trigger the race condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions that include the fix from the git commit linked below

Vendor Advisory: https://git.kernel.org/stable/c/051c0bde9f0450a2ec3d62a86d2a0d2fad117f13

Restart Required: Yes

Instructions:

1. Check the current kernel version with 'uname -r'.
2. Update the kernel using the distribution's package manager (apt/yum/dnf).
3. Reboot the system to load the patched kernel.
4. Verify the fix with 'uname -r' and compare the result against the patched versions.

🔧 Temporary Workarounds

Disable unnecessary UDP services

Platform: linux

Reduce the attack surface by disabling UDP services not required for system operation. Identify which unit owns each listening UDP socket first (for example with 'ss -lunp', which lists listening UDP sockets with their owning process) so that only the unneeded ones are stopped.

systemctl stop [udp-service]
systemctl disable [udp-service]

Network segmentation

Platform: linux

Restrict UDP traffic to trusted networks only using firewall rules. Note that '-A' appends after any rules already in the INPUT chain, and that the final DROP also discards replies to UDP queries the host itself sends (DNS, NTP) unless a rule accepting ESTABLISHED,RELATED traffic precedes it.

iptables -A INPUT -p udp -s [trusted-network] -j ACCEPT
iptables -A INPUT -p udp -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls to limit UDP traffic to essential services only. Network controls reduce remote exposure but do not stop a local process that can create UDP sockets, so patching remains the only complete fix.
  • Monitor systems for kernel crashes or unusual UDP socket activity

🔍 How to Verify

Check if Vulnerable:

Check the running kernel version against the affected ranges and determine whether the system makes extensive use of UDP sockets

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel includes the fix commit 051c0bde9f0450a2ec3d62a86d2a0d2fad117f13 (or its backport in your distribution's kernel)

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Unexpected system crashes
  • High UDP socket creation/destruction rates

Network Indicators:

  • Unusual UDP traffic patterns to kernel-exposed services
  • Multiple UDP connection attempts with timing patterns

SIEM Query:

(source="kernel" AND ("panic" OR "oops")) OR (protocol="UDP" AND rate_threshold>1000)
