CVE-2024-38612

Home/CVE/In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The er

CVE

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The er

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL is not defined. In that case if seg6_hmac_init() fails, the genl_unregister_family() isn't called. This issue exist since commit 46738b1317e1 ("ipv6: sr: add option to control lwtunnel support"), and commit 5559cea2d5aa ("ipv6: sr: fix possible use-after-free and null-ptr-deref") replaced unregister_pernet_subsys() with genl_unregister_family() in this error path.

CRITICAL · CVSS 9.8 EPSS 0.00181

Schedule remediation

SSVC automatable: yes - attacks can be scripted at scale
CVSS base score ≥ 7.0

Sigma rules0 YARA rules0

Look this up elsewhere - one-click external pivots

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

▸ How to read a CVE - triage first, then detect and patch

This page is every public fact about CVE-2024-38612, cross-linked. Its job is to answer one question fast - does this need my attention now? - and then hand you the two things you do about it. Here is how an analyst reads it.

Triage: should I act now? Four signals, and they are not interchangeable:

CVSSseverity - how bad it is IF exploited, 0-10. A high CVSS alone is not urgency; a flaw can be a perfect 10 and never actually be attacked. EPSSprobability - a model’s estimate of the chance it is exploited in the next 30 days, 0-1. This is the “will it actually happen” signal. CISA KEVconfirmed - it is being exploited in the wild right now. The strongest signal on the page; KEV beats any score. Weaponisedavailability - public exploits / PoCs, and especially Metasploit modules rated Excellent / Great. Reliable, packaged exploit code means low-skill attackers can use it today.

How they combine: KEV, or a dependable Metasploit module, means patch now regardless of CVSS. High CVSS + low EPSS + no exploit is real but not an emergency - schedule it. Low CVSS but KEV-listed still gets patched now. The verdict above already weighed these for you; this is how it got there.

Then what - two workflows:

Detectwhen you cannot patch today, follow this CVE to the ATT&CK techniques it enables, then Build a SIEM detection (the green button) - author a rule, test it in Atomic, deploy it. That buys visibility while the patch waits. PatchAffected products / packages tell you if you are exposed; Fixed versions by distribution and Vendor advisories give the exact version that closes it.

Reading order for the panels below: verdict + badges, then Public exploits / Metasploit (is it weaponised), then ATT&CK techniques + Sigma / IDS rules (can I detect it), then Affected products / packages + Fixed versions (am I exposed, what patches it), then Threat actors / IOCs (who uses it), then Scoring & timeline / references (the evidence).

View attack path from CVE-2024-38612

◆

ATT&CK techniques

Techniques this CVE enables - linked via CWECAPECATT&CK. High◆ = named directly in ATT&CK or Nuclei templates.

T1190 · Exploit Public-Facing Application

▤ Build a SIEM detection for these techniques

⬡

Weakness Classification

CWE-416Use After Free

CWE-476NULL Pointer Dereference

▤

Affected Products & Versions

linux kernel>= 4.10 and < 4.19.316
linux kernel>= 4.20 and < 5.4.278
linux kernel>= 5.5 and < 5.10.219
linux kernel>= 5.11 and < 5.15.161
linux kernel>= 5.16 and < 6.1.93
linux kernel>= 6.2 and < 6.6.33
linux kernel>= 6.7 and < 6.8.12
linux kernel>= 6.9 and < 6.9.3

▤

Affected Packages

Language-ecosystem packages (from OSV) tied to this CVE, with the version that fixes it - the dependency-level detail NVD doesn’t carry.

Debian:11 linux fixed in 5.10.221-1

Ubuntu:14.04:LTS linux fixed in 3.11.0-12.19

Ubuntu:14.04:LTS linux-aws fixed in 4.4.0-1002.2

Ubuntu:14.04:LTS linux-lts-xenial fixed in 4.4.0-13.29~14.04.1

Ubuntu:16.04:LTS linux fixed in 4.4.0-2.16

Ubuntu:16.04:LTS linux-aws fixed in 4.4.0-1001.10

Ubuntu:16.04:LTS linux-kvm fixed in 4.4.0-1004.9

Ubuntu:20.04:LTS linux fixed in 5.4.0-192.212

Ubuntu:20.04:LTS linux-aws fixed in 5.4.0-1130.140

Ubuntu:20.04:LTS linux-aws-5.11

Ubuntu:20.04:LTS linux-aws-5.13

Ubuntu:20.04:LTS linux-aws-5.15 fixed in 5.15.0-1069.75~20.04.1

Ubuntu:20.04:LTS linux-aws-5.8

Ubuntu:20.04:LTS linux-azure fixed in 5.4.0-1135.142

Ubuntu:20.04:LTS linux-azure-5.11

Ubuntu:20.04:LTS linux-azure-5.13

Ubuntu:20.04:LTS linux-azure-5.15 fixed in 5.15.0-1072.81~20.04.1

Ubuntu:20.04:LTS linux-azure-5.8

Ubuntu:20.04:LTS linux-azure-fde

Ubuntu:20.04:LTS linux-azure-fde-5.15 fixed in 5.15.0-1072.81~20.04.1.1

Ubuntu:20.04:LTS linux-bluefield fixed in 5.4.0-1090.97

Ubuntu:20.04:LTS linux-gcp fixed in 5.4.0-1134.143

Ubuntu:20.04:LTS linux-gcp-5.11

Ubuntu:20.04:LTS linux-gcp-5.13

Ubuntu:20.04:LTS linux-gcp-5.15 fixed in 5.15.0-1068.76~20.04.1

Ubuntu:20.04:LTS linux-gcp-5.8

Ubuntu:20.04:LTS linux-gke

Ubuntu:20.04:LTS linux-gke-5.15

Ubuntu:20.04:LTS linux-gkeop fixed in 5.4.0-1097.101

Ubuntu:20.04:LTS linux-gkeop-5.15 fixed in 5.15.0-1052.59~20.04.1

📦

Fixed versions by distribution

The package version that resolves this CVE on each Linux distribution, from the vendor’s published security data. fixed in shows a patched version exists; open means the package is listed as affected with no fix yet.
oracle allkernel-uek open
oracle allkernel-uek-container fixed in 0:5.4.17-2136.334.6.el8
oracle allkernel-uek-container-debug open
oracle allkernel-uek-debug fixed in 0:4.14.35-2047.540.4.1.el7uek
oracle allkernel-uek-debug-devel fixed in 0:4.14.35-2047.540.4.1.el7uek
oracle allkernel-uek-devel fixed in 0:4.14.35-2047.540.4.1.el7uek
oracle allkernel-uek-headers open
oracle allkernel-uek-tools fixed in 0:4.14.35-2047.540.4.1.el7uek
oracle allkernel-uek-tools-libs open
oracle allkernel-uek-tools-libs-devel fixed in 0:4.14.35-2047.540.4.1.el7uek
oracle allperf fixed in 0:4.14.35-2047.540.4.1.el7uek
oracle allpython-perf open
rhel 9bpftool fixed in 0:7.4.0-503.11.1.el9_5
rhel 9kernel fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-64k open
rhel 9kernel-64k-core open
rhel 9kernel-64k-debug open
rhel 9kernel-64k-debug-core fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-64k-debug-devel open
rhel 9kernel-64k-debug-devel-matched open
rhel 9kernel-64k-debug-modules fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-64k-debug-modules-core open
rhel 9kernel-64k-debug-modules-extra open
rhel 9kernel-64k-devel open
rhel 9kernel-64k-devel-matched open
rhel 9kernel-64k-modules fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-64k-modules-core open
rhel 9kernel-64k-modules-extra fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-abi-stablelists open
rhel 9kernel-core fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-debug open
rhel 9kernel-debug-core open
rhel 9kernel-debug-devel fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-debug-devel-matched open
rhel 9kernel-debug-modules open
rhel 9kernel-debug-modules-core open
rhel 9kernel-debug-modules-extra fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-debug-uki-virt fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-devel open
rhel 9kernel-devel-matched open
rhel 9kernel-modules open
rhel 9kernel-modules-core open
rhel 9kernel-modules-extra fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-rt fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-rt-core open
rhel 9kernel-rt-debug fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-rt-debug-core open
rhel 9kernel-rt-debug-devel open
rhel 9kernel-rt-debug-kvm fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-rt-debug-modules fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-rt-debug-modules-core fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-rt-debug-modules-extra fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-rt-devel fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-rt-kvm fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-rt-modules fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-rt-modules-core fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-rt-modules-extra open
rhel 9kernel-tools fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-tools-libs fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-tools-libs-devel fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-uki-virt open
rhel 9kernel-uki-virt-addons open
rhel 9kernel-zfcpdump fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-zfcpdump-core open
rhel 9kernel-zfcpdump-devel fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-zfcpdump-devel-matched open
rhel 9kernel-zfcpdump-modules open
rhel 9kernel-zfcpdump-modules-core fixed in 0:5.14.0-503.11.1.el9_5
rhel 9kernel-zfcpdump-modules-extra fixed in 0:5.14.0-503.11.1.el9_5
rhel 9libperf open
rhel 9perf fixed in 0:5.14.0-503.11.1.el9_5
rhel 9python3-perf fixed in 0:5.14.0-503.11.1.el9_5
rhel 9rtla fixed in 0:5.14.0-503.11.1.el9_5
rhel 9rv fixed in 0:5.14.0-503.11.1.el9_5
suse sle15cluster-md-kmp-default open
suse sle15dlm-kmp-default open
suse sle15gfs2-kmp-default open
suse sle15kernel-default open
suse sle15kernel-default-base open
suse sle15kernel-default-devel open

▣

Scoring & Timeline

9.8

CRITICAL · CVSS v3.1 · 416baaa9-dc9f-4396-8d5f-8c081fb06d67

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD19 Jun 2024 · 02:15 PM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC triage · cisa-vulnrichment

Exploitation

none

Automatable

yes

Technical impact

total

SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

⚑

Vendor Advisories

rhsaRHSA-2024:9315Low
siemens-csafSSA-613116
usnUSN-7009-2
usnUSN-7007-3
usnUSN-7007-2
Show all 23 vendor advisoriesusnUSN-7019-1
usnUSN-7009-1
usnUSN-7007-1
usnUSN-6979-1
usnUSN-6951-4
usnUSN-6951-3
usnUSN-6951-2
usnUSN-6949-2
usnUSN-6955-1
usnUSN-6953-1
usnUSN-6952-1
usnUSN-6951-1
usnUSN-6949-1
siemens-csafSSA-265688
siemens-csafSSA-398330
cisa-csafcisa-csaf-csaf_files-OT-white-2023-icsa-23-348-10
cisa-csafcisa-csaf-csaf_files-OT-white-2024-icsa-24-102-01
cisa-csafcisa-csaf-csaf_files-OT-white-2025-icsa-25-226-15

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://git.kernel.org/stable/c/00e6335329f23ac6cf3105931691674e28bc598cPatch

https://git.kernel.org/stable/c/10610575a3ac2a702bf5c57aa931beaf847949c7Patch

https://git.kernel.org/stable/c/160e9d2752181fcf18c662e74022d77d3164cd45Patch

https://git.kernel.org/stable/c/1a63730fb315bb1bab97edd69ff58ad45e04bb01Patch

https://git.kernel.org/stable/c/3398a40dccb88d3a7eef378247a023a78472db66Patch

https://git.kernel.org/stable/c/646cd236c55e2cb5f146fc41bbe4034c4af5b2a4Patch

Show all 13 references

https://git.kernel.org/stable/c/85a70ff1e572160f1eeb096ed48d09a1c9d4d89aPatch

https://git.kernel.org/stable/c/c04d6a914e890ccea4a9d11233009a2ee7978bf4Patch

https://git.kernel.org/stable/c/e77a3ec7ada84543e75722a1283785a6544de925Patch

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

https://cert-portal.siemens.com/productcert/html/ssa-265688.html

https://cert-portal.siemens.com/productcert/html/ssa-398330.html

https://cert-portal.siemens.com/productcert/html/ssa-613116.html