Sign-up

ID

VAR-202405-2674


CVE

CVE-2024-36006


TITLE

Linux  of  Linux Kernel  Vulnerabilities in products from multiple vendors such as

Trust: 0.8

sources: JVNDB: JVNDB-2024-029649

DESCRIPTION

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists without checking that the lists are not empty. This is incorrect usage of the API, which leads to the following warning [1]. Fix by returning if the lists are empty as there is nothing to migrate in this case. [1] WARNING: CPU: 0 PID: 6437 at drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c:1266 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0> Modules linked in: CPU: 0 PID: 6437 Comm: kworker/0:37 Not tainted 6.9.0-rc3-custom-00883-g94a65f079ef6 #39 Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019 Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work RIP: 0010:mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0x2c0 [...] Call Trace: <TASK> mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x4a0 process_one_work+0x151/0x370 worker_thread+0x2cb/0x3e0 kthread+0xd0/0x100 ret_from_fork+0x34/0x50 ret_from_fork_asm+0x1a/0x30 </TASK>. Linux of Linux Kernel Unspecified vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on the SINEC operating system with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs). Multiple vulnerabilities in third-party components of Siemens' SINEC OS could allow attackers to gain control of the server

Trust: 2.16

sources: NVD: CVE-2024-36006 // JVNDB: JVNDB-2024-029649 // CNVD: CNVD-2025-19346

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-19346

AFFECTED PRODUCTS

vendor:linuxmodel:kernelscope:eqversion:6.9

Trust: 1.8

vendor:linuxmodel:kernelscope:gteversion:5.11

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.8.9

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.5

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.7

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.2

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.16

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.10.216

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.1.90

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.4.275

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.1

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.15.158

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.6.30

Trust: 1.0

vendor:linuxmodel:kernelscope:eqversion:5.5 that's all 5.10.216

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.16 that's all 6.1.90

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:6.2 that's all 6.6.30

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.1 that's all 5.4.275

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.11 that's all 5.15.158

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:6.7 that's all 6.8.9

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:siemensmodel:ruggedcom rst2428pscope:ltversion:v3.1

Trust: 0.6

vendor:siemensmodel:scalance xc-300/xr-300/xc-400/xr-500wg/xr-500 familyscope:ltversion:v3.1

Trust: 0.6

vendor:siemensmodel:scalance xcm-/xrm-/xch-/xrh-300 familyscope:ltversion:v3.1

Trust: 0.6

sources: CNVD: CNVD-2025-19346 // JVNDB: JVNDB-2024-029649 // NVD: CVE-2024-36006

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-36006
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-36006
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-19346
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-19346
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-36006
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-36006
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-19346 // JVNDB: JVNDB-2024-029649 // NVD: CVE-2024-36006

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-029649 // NVD: CVE-2024-36006

PATCH

title:Linux Kernel Archivesurl:https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Trust: 0.8

title:Patch for Multiple vulnerabilities in Siemens SINEC OS third-party componentsurl:https://www.cnvd.org.cn/patchInfo/show/723071

Trust: 0.6

sources: CNVD: CNVD-2025-19346 // JVNDB: JVNDB-2024-029649

EXTERNAL IDS

db:NVDid:CVE-2024-36006

Trust: 2.6

db:SIEMENSid:SSA-613116

Trust: 1.6

db:SIEMENSid:SSA-265688

Trust: 1.0

db:JVNDBid:JVNDB-2024-029649

Trust: 0.8

db:CNVDid:CNVD-2025-19346

Trust: 0.6

sources: CNVD: CNVD-2025-19346 // JVNDB: JVNDB-2024-029649 // NVD: CVE-2024-36006

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-613116.html

Trust: 1.6

url:https://git.kernel.org/stable/c/09846c2309b150b8ce4e0ce96f058197598fc530

Trust: 1.0

url:https://git.kernel.org/stable/c/af8b593c3dd9df82cb199be65863af004b09fd97

Trust: 1.0

url:https://git.kernel.org/stable/c/4526a56e02da3725db979358964df9cd9c567154

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Trust: 1.0

url:https://git.kernel.org/stable/c/ab4ecfb627338e440ae11def004c524a00d93e40

Trust: 1.0

url:https://git.kernel.org/stable/c/b377add0f0117409c418ddd6504bd682ebe0bf79

Trust: 1.0

url:https://git.kernel.org/stable/c/64435b64e43d8ee60faa46c0cd04e323e8b2a7b0

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Trust: 1.0

url:https://git.kernel.org/stable/c/0b2c13b670b168e324e1cf109e67056a20fd610a

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-36006

Trust: 0.8

sources: CNVD: CNVD-2025-19346 // JVNDB: JVNDB-2024-029649 // NVD: CVE-2024-36006

SOURCES

db:CNVDid:CNVD-2025-19346
db:JVNDBid:JVNDB-2024-029649
db:NVDid:CVE-2024-36006

LAST UPDATE DATE

2026-06-18T18:52:14.613000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-19346date:2025-08-22T00:00:00
db:JVNDBid:JVNDB-2024-029649date:2025-12-22T09:02:00
db:NVDid:CVE-2024-36006date:2026-05-12T12:16:47.177

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-19346date:2025-08-12T00:00:00
db:JVNDBid:JVNDB-2024-029649date:2025-12-22T00:00:00
db:NVDid:CVE-2024-36006date:2024-05-20T10:15:14.570