CVE-2024-36288 Detail
Modified After Enrichment
This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.
Description
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
The in_token->pages[] array is not NULL terminated. This results in
the following KASAN splat:
KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]
Metrics
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
CVSS 4.0 Severity and Vector Strings:
NVD assessment not yet provided.
CVSS 3.x Severity and Vector Strings:
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0 Severity and Vector Strings:
NVD assessment not yet provided.
Weakness Enumeration
CWE-ID | CWE Name | Source
CWE-835 | Loop with Unreachable Exit Condition ('Infinite Loop') | NIST
Change History
11 change records found
CVE Modified by siemens-SADP
6/17/2026 3:36:26 AM
Action | Type | Old Value | New Value
Added | Affected | |
[{"vendor":"Siemens","product":"RUGGEDCOM RST2428P","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V3.1","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"unaffected"}]},{"vendor":"Siemens","product":"SCALANCE XCM-/XRM-/XCH-/XRH-300 family","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V3.1","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]}]
CVE Modified by CISA-ADP
6/17/2026 3:36:26 AM
Action | Type | Old Value | New Value
Added | SSVC | |
{"timestamp":"2024-06-21T13:05:00.955390Z","id":"CVE-2024-36288","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}
CVE Modified by kernel.org
6/17/2026 3:36:26 AM
Action | Type | Old Value | New Value
Added | Affected | |
[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/sunrpc/auth_gss/svcauth_gss.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ab8466d4e26806a4ae82c282762c4545eecf45ef","lessThan":"57ff6c0a175930856213b2aa39f8c845a53e5b1c","versionType":"git","status":"affected"},{"version":"4420b73c7f26fd5fcb37bbce5313dd356ef1b3ca","lessThan":"6ed45d20d30005bed94c8c527ce51d5ad8121018","versionType":"git","status":"affected"},{"version":"f148a95f68c66c1b097391b68e153d5a46f0e780","lessThan":"4cefcd0af7458bdeff56a9d8dfc6868ce23d128a","versionType":"git","status":"affected"},{"version":"fe0b474974fee7af1df286e0edd5a1460c811865","lessThan":"b4878ea99f2b40ef1925720b1b4ca7f4af1ba785","versionType":"git","status":"affected"},{"version":"c1d8c429e4d2ce85ec5c92cf71cb419baf75c56f","lessThan":"af628d43a822b78ad8d4a58d8259f8bf8bc71115","versionType":"git","status":"affected"},{"version":"8ca148915670a2921afcc255af9e1dc80f37b052","lessThan":"0a1cb0c6102bb4fd310243588d39461da49497ad","versionType":"git","status":"affected"},{"version":"bafa6b4d95d97877baa61883ff90f7e374427fae","lessThan":"4a77c3dead97339478c7422eb07bf4bf63577008","versionType":"git","status":"affected"},{"version":"a3c1afd5d7ad59e34a275d80c428952f83c8c1f0","versionType":"git","status":"affected"},{"version":"6.8.12","lessThan":"6.9","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/sunrpc/auth_gss/svcauth_gss.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.9.3","lessThan":"6.9.4","versionType":"semver","status":"affected"}]}]
CVE Modified by siemens-SADP
5/12/2026 8:16:48 AM
Action | Type | Old Value | New Value
Added | Reference | | https://cert-portal.siemens.com/productcert/html/ssa-265688.html
Added | Reference | | https://cert-portal.siemens.com/productcert/html/ssa-613116.html
CVE Modified by CVE
11/04/2025 1:16:24 PM
Action | Type | Old Value | New Value
Added | Reference | | https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
CVE Modified by kernel.org
6/19/2025 9:15:40 AM
Action | Type | Old Value | New Value
Removed | Reference | https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5 |
Removed | Reference Type | https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5 Types: Mailing List, Patch |
CVE Modified by CVE
11/21/2024 4:21:59 AM
Action | Type | Old Value | New Value
Added | Reference | | https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad
Added | Reference | | https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008
Added | Reference | | https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a
Added | Reference | | https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c
Added | Reference | | https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018
Added | Reference | | https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115
Added | Reference | | https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785
Added | Reference | | https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5
CVE Modified by kernel.org
7/15/2024 3:15:05 AM
Action | Type | Old Value | New Value
Removed | Reference | kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html |
CVE Modified by kernel.org
6/27/2024 9:15:59 AM
Action | Type | Old Value | New Value
Added | Reference | | kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html [No types assigned]
Initial Analysis by NIST
6/24/2024 2:39:00 PM
Action | Type | Old Value | New Value
Added | CVSS V3.1 | | NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Added | CWE | | NIST CWE-835
Added | CPE Configuration | | OR
  *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 6.9.4
  *cpe:2.3:o:linux:linux_kernel:6.10.0:rc1:*:*:*:*:*:*
Changed | Reference Type | https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad No Types Assigned | https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad Mailing List, Patch
Changed | Reference Type | https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008 No Types Assigned | https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008 Mailing List, Patch
Changed | Reference Type | https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a No Types Assigned | https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a Mailing List, Patch
Changed | Reference Type | https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c No Types Assigned | https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c Mailing List, Patch
Changed | Reference Type | https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018 No Types Assigned | https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018 Mailing List, Patch
Changed | Reference Type | https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115 No Types Assigned | https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115 Mailing List, Patch
Changed | Reference Type | https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785 No Types Assigned | https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785 Mailing List, Patch
Changed | Reference Type | https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5 No Types Assigned | https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5 Mailing List, Patch
New CVE Received from kernel.org
6/21/2024 8:15:10 AM
Action | Type | Old Value | New Value
Added | Description | |
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
The in_token->pages[] array is not NULL terminated. This results in
the following KASAN splat:
KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008 [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018 [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115 [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785 [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5 [No types assigned]
Quick Info
CVE Dictionary Entry: CVE-2024-36288
NVD Published Date: 06/21/2024
NVD Last Modified: 06/17/2026
Source: kernel.org