CVE-2024-36031
CVSS v3.1
9.8 (Critical)
EPSS
0.04 % (11th)
Advisories
12
NVD Status
Awaiting Analysis
In the Linux kernel, the following vulnerability has been resolved:
keys: Fix overwrite of key expiration on instantiation
The expiry time of a key is unconditionally overwritten during
instantiation, defaulting to turn it permanent. This causes a problem
for DNS resolution as the expiration set by user-space is overwritten to
TIME64_MAX, disabling further DNS updates. Fix this by restoring the
condition that key_set_expiry is only called when the pre-parser sets a
specific expiry.
Weaknesses
- CWE-324
- Use of a Key Past its Expiration Date
- CVE Status
- PUBLISHED
- NVD Status
- Awaiting Analysis
- CNA
- kernel.org
- Published Date
-
2024-05-30 16:15:11
(3 months ago) - Updated Date
-
2024-07-15 07:15:04
(2 months ago)
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...