CVE-2024-36903 Information

Description

In the Linux kernel the following vulnerability has been resolved:

ipv6: Fix potential uninit-value access in __ip6_make_skb()

As it was done in commit fc1092f51567 (\ipv4: Fix uninit-value access in __ip_make_skb()) for IPv4 check FLOWI_FLAG_KNOWN_NH on fl6->flowi6_flags instead of testing HDRINCL on the socket to avoid a race condition which causes uninit-value access.

Reference

https://git.kernel.org/stable/c/68c8ba16ab712eb709c6bab80ff151079d11d97a https://git.kernel.org/stable/c/2367bf254f3a27ecc6e229afd7a8b0a1395f7be3 https://git.kernel.org/stable/c/4e13d3a9c25b7080f8a619f961e943fe08c2672c