In the Linux kernel, the following vulnerability has been resolved:
keys: Fix overwrite of key expiration on instantiation
The expiry time of a key is unconditionally overwritten during
instantiation, defaulting to turn it permanent. This causes a problem
for DNS resolution as the expiration set by user-space is overwritten to
TIME64_MAX, disabling further DNS updates. Fix this by restoring the
condition that key_set_expiry is only called when the pre-parser sets a
specific expiry.
References
Configurations
No configuration.
History
21 Nov 2024, 09:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://git.kernel.org/stable/c/25777f3f4e1f371d16a594925f31e37ce07b6ec7 - | |
References | () https://git.kernel.org/stable/c/939a08bcd4334bad4b201e60bd0ae1f278d71d41 - | |
References | () https://git.kernel.org/stable/c/9da27fb65a14c18efd4473e2e82b76b53ba60252 - | |
References | () https://git.kernel.org/stable/c/ad2011ea787928b2accb5134f1e423b11fe80a8a - | |
References | () https://git.kernel.org/stable/c/cc219cb8afbc40ec100c0de941047bb29373126a - | |
References | () https://git.kernel.org/stable/c/e4519a016650e952ad9eb27937f8c447d5a4e06d - | |
References | () https://git.kernel.org/stable/c/ed79b93f725cd0da39a265dc23d77add1527b9be - |
15 Jul 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Jul 2024, 02:02
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-324 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
27 Jun 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References |
|
30 May 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-30 16:15
Updated : 2024-11-21 09:21
NVD link : CVE-2024-36031
Mitre link : CVE-2024-36031
CVE.ORG link : CVE-2024-36031
JSON object : View
Products Affected
No product.
CWE
CWE-324
Use of a Key Past its Expiration Date