{"api_version":"1","generated_at":"2026-07-06T15:22:30+00:00","cve":"CVE-2024-36288","urls":{"html":"https://cve.report/CVE-2024-36288","api":"https://cve.report/api/cve/CVE-2024-36288.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-36288","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-36288"},"summary":{"title":"SUNRPC: Fix loop termination condition in gss_free_in_token_pages()","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix loop termination condition in gss_free_in_token_pages()\n\nThe in_token->pages[] array is not NULL terminated. This results in\nthe following KASAN splat:\n\n  KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]","state":"PUBLISHED","assigner":"Linux","published_at":"2024-06-21 12:15:10","updated_at":"2026-05-12 12:16:48"},"problem_types":["CWE-835"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}}],"references":[{"url":"https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018","name":"https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c","name":"https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad","name":"https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008","name":"https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5","name":"https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-613116.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-613116.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785","name":"https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115","name":"https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","name":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a","name":"https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-36288","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36288","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected ab8466d4e26806a4ae82c282762c4545eecf45ef 57ff6c0a175930856213b2aa39f8c845a53e5b1c git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4420b73c7f26fd5fcb37bbce5313dd356ef1b3ca 6ed45d20d30005bed94c8c527ce51d5ad8121018 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected f148a95f68c66c1b097391b68e153d5a46f0e780 4cefcd0af7458bdeff56a9d8dfc6868ce23d128a git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected fe0b474974fee7af1df286e0edd5a1460c811865 b4878ea99f2b40ef1925720b1b4ca7f4af1ba785 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected c1d8c429e4d2ce85ec5c92cf71cb419baf75c56f af628d43a822b78ad8d4a58d8259f8bf8bc71115 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 8ca148915670a2921afcc255af9e1dc80f37b052 0a1cb0c6102bb4fd310243588d39461da49497ad git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected bafa6b4d95d97877baa61883ff90f7e374427fae 4a77c3dead97339478c7422eb07bf4bf63577008 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected a3c1afd5d7ad59e34a275d80c428952f83c8c1f0 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.9.3 6.9.4 semver","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"RUGGEDCOM RST2428P","version":"affected V3.1 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family","version":"unaffected * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SCALANCE XCM-/XRM-/XCH-/XRH-300 family","version":"affected V3.1 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","version":"affected * custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2024","cve_id":"36288","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"36288","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"6.10.0","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2024","cve_id":"36288","cve":"CVE-2024-36288","epss":"0.000080000","percentile":"0.007150000","score_date":"2026-05-12","updated_at":"2026-05-13 00:11:53"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2024-36288","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2024-06-21T13:05:00.955390Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2024-06-21T13:05:08.602Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2025-11-04T17:21:10.146Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008"},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}],"title":"CVE Program Container"},{"affected":[{"defaultStatus":"unknown","product":"RUGGEDCOM RST2428P","vendor":"Siemens","versions":[{"lessThan":"V3.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family","vendor":"Siemens","versions":[{"lessThan":"*","status":"unaffected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SCALANCE XCM-/XRM-/XCH-/XRH-300 family","vendor":"Siemens","versions":[{"lessThan":"V3.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]}],"providerMetadata":{"dateUpdated":"2026-05-12T11:53:48.880Z","orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP"},"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-613116.html"}],"x_adpType":"supplier"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["net/sunrpc/auth_gss/svcauth_gss.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"57ff6c0a175930856213b2aa39f8c845a53e5b1c","status":"affected","version":"ab8466d4e26806a4ae82c282762c4545eecf45ef","versionType":"git"},{"lessThan":"6ed45d20d30005bed94c8c527ce51d5ad8121018","status":"affected","version":"4420b73c7f26fd5fcb37bbce5313dd356ef1b3ca","versionType":"git"},{"lessThan":"4cefcd0af7458bdeff56a9d8dfc6868ce23d128a","status":"affected","version":"f148a95f68c66c1b097391b68e153d5a46f0e780","versionType":"git"},{"lessThan":"b4878ea99f2b40ef1925720b1b4ca7f4af1ba785","status":"affected","version":"fe0b474974fee7af1df286e0edd5a1460c811865","versionType":"git"},{"lessThan":"af628d43a822b78ad8d4a58d8259f8bf8bc71115","status":"affected","version":"c1d8c429e4d2ce85ec5c92cf71cb419baf75c56f","versionType":"git"},{"lessThan":"0a1cb0c6102bb4fd310243588d39461da49497ad","status":"affected","version":"8ca148915670a2921afcc255af9e1dc80f37b052","versionType":"git"},{"lessThan":"4a77c3dead97339478c7422eb07bf4bf63577008","status":"affected","version":"bafa6b4d95d97877baa61883ff90f7e374427fae","versionType":"git"},{"status":"affected","version":"a3c1afd5d7ad59e34a275d80c428952f83c8c1f0","versionType":"git"}]},{"defaultStatus":"unaffected","product":"Linux","programFiles":["net/sunrpc/auth_gss/svcauth_gss.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"6.9.4","status":"affected","version":"6.9.3","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.4","versionStartIncluding":"6.9.3","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8.12","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix loop termination condition in gss_free_in_token_pages()\n\nThe in_token->pages[] array is not NULL terminated. This results in\nthe following KASAN splat:\n\n  KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]"}],"providerMetadata":{"dateUpdated":"2026-05-11T20:16:07.913Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c"},{"url":"https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018"},{"url":"https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a"},{"url":"https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785"},{"url":"https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115"},{"url":"https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad"},{"url":"https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008"}],"title":"SUNRPC: Fix loop termination condition in gss_free_in_token_pages()","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2024-36288","datePublished":"2024-06-21T11:18:46.152Z","dateReserved":"2024-06-21T11:16:40.621Z","dateUpdated":"2026-05-12T11:53:48.880Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-06-21 12:15:10","lastModifiedDate":"2026-05-12 12:16:48","problem_types":["CWE-835"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.4","matchCriteriaId":"329978FD-8C0A-434C-8A41-06341C7675F9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.10.0:rc1:*:*:*:*:*:*","matchCriteriaId":"C40DD2D9-90E3-4E95-9F1A-E7C680F11F2A"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"36288","Ordinal":"1","Title":"SUNRPC: Fix loop termination condition in gss_free_in_token_page","CVE":"CVE-2024-36288","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"36288","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix loop termination condition in gss_free_in_token_pages()\n\nThe in_token->pages[] array is not NULL terminated. This results in\nthe following KASAN splat:\n\n  KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]","Type":"Description","Title":"SUNRPC: Fix loop termination condition in gss_free_in_token_page"}]}}}