Executive Summary

Name CVE-2024-36891 First vendor Publication 2024-05-30
Vendor Cve Last vendor Modification 2024-06-16

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores


In the Linux kernel, the following vulnerability has been resolved:

maple_tree: fix mas_empty_area_rev() null pointer dereference

Currently the code calls mas_start() followed by mas_data_end() if the maple state is MA_START, but mas_start() may return with the maple state node == NULL. This will lead to a null pointer dereference when checking information in the NULL node, which is done in mas_data_end().

Avoid setting the offset if there is no node by waiting until after the maple state is checked for an empty or single entry state.

A user could trigger the events to cause a kernel oops by unmapping all vmas to produce an empty maple tree, then mapping a vma that would cause the scenario described above.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36891

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-476 NULL Pointer Dereference

CPE : Common Platform Enumeration

Application 8
Os 3562

Sources (Detail)

Source Url

Alert History

If you want to see full details history, please login or register.
Date Informations
2024-06-16 17:27:30
  • Multiple Updates
2024-06-11 00:27:39
  • Multiple Updates
2024-05-31 00:27:31
  • Multiple Updates
2024-05-30 21:27:23
  • First insertion