CVE-2024-36899
high
CVSS v3
7.0
CVSS v4 NEW
โ
VIR risk
7.0
Description
Important: kernel security update
Predictions
Exploit likelihood
69%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
Linux kernel Affected 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 6.9 | Affected | โ |
| โ | Affected | 6.6.31 |
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Affected | โ |
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | kernel-64k-devel-matched-5.14.0-427.37.1.el9_4.aarch64.rpm |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 6.8.11-1 |
| sid | Fixed | 6.8.11-1 |
| forky | Fixed | 6.8.11-1 |
| bullseye | Fixed | 5.10.234-1 |
| bookworm | Fixed | 6.1.128-1 |
Red Hat Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | โ |
References
- https://access.redhat.com/errata/RHSA-2024:6997
- https://git.kernel.org/stable/c/02f6b0e1ec7e0e7d059dddc893645816552039da
- https://git.kernel.org/stable/c/2d008d4961b039d2edce8976289773961b7e5fb5
- https://git.kernel.org/stable/c/2dfbb920a89bdc58087672ad5325dc6c588b6860
- https://git.kernel.org/stable/c/95ca7c90eaf5ea8a8460536535101e3e81160e2a
- https://git.kernel.org/stable/c/ca710b5f40b8b16fdcad50bebd47f50e4c62d239
- https://git.kernel.org/stable/c/d38c49f7bdf14381270736299e2ff68ec248a017
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
- https://www.suse.com/security/cve/CVE-2024-36899.html
- https://security-tracker.debian.org/tracker/CVE-2024-36899
- https://bugzilla.redhat.com/2265271
- https://bugzilla.redhat.com/2273270
- https://bugzilla.redhat.com/2278167
- https://bugzilla.redhat.com/2278245
- https://bugzilla.redhat.com/2278248
- https://bugzilla.redhat.com/2278250
- https://bugzilla.redhat.com/2278252
- https://bugzilla.redhat.com/2278318
- https://bugzilla.redhat.com/2281677
- https://bugzilla.redhat.com/2283894
- https://bugzilla.redhat.com/2284549
- https://bugzilla.redhat.com/2293348
- https://bugzilla.redhat.com/2293364
CWEs
CWE-362 CWE-416
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.