LiveActive security incident?Get immediate response
CVE Record

CVE-2024-38612: ipv6: sr: fix invalid unregister error path

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL is not defined. In that case if seg6_hmac_init() fails, the genl_unregister_family() isn't called. This issue exist since commit 46738b1317e1 ("ipv6: sr: add option to control lwtunnel support"), and commit 5559cea2d5aa ("ipv6: sr: fix possible use-after-free and null-ptr-deref") replaced unregister_pernet_subsys() with genl_unregister_family() in this error path.

CriticalCVSS 9.8Not KEV-listedUpdated
Glexia's Takecritical

Analyst readout for executives and security teams

Plain-English summary

CVE-2024-38612 is a Linux kernel flaw in IPv6 Segment Routing initialization error handling. Public data rates it critical, but the source bundle does not show active exploitation or a public weaponized path. Business urgency depends on whether exposed Linux hosts or appliances run affected kernels or vendor firmware.

Executive priority

Prioritize confirmation and patch planning now. The score is critical, but response should be evidence-led: identify affected Linux and appliance assets, apply vendor-supported updates, and avoid emergency assumptions where backports or vendor firmware status are unclear.

Technical view

The issue is in seg6_init() when CONFIG_IPV6_SEG6_LWTUNNEL is not defined. If seg6_hmac_init() fails, genl_unregister_family() is not called. The CVE links this to possible use-after-free and null-pointer dereference classes and provides Linux stable fix commits.

Likely exposure

Likely exposure is Linux systems and embedded appliances using affected kernel versions or downstream vendor builds. The bundle references Linux stable fixes, Debian LTS, and Siemens product advisories. Exposure should be confirmed by kernel version, distribution backport status, and appliance vendor advisory status.

Exploitation context

The CVSS vector is network, low complexity, no privileges, and no user interaction. However, KEV is false and the supplied sources do not state active exploitation. Treat exploitability as serious but not confirmed in the wild from this bundle.

Researcher notes

The vulnerability is an initialization error-path cleanup bug, not a fully described exploit chain in the provided sources. Key research questions are reachable configurations, whether the failure path can be externally triggered, and how downstream vendors backported the stable fixes.

Mitigation direction

  • Apply the relevant Linux kernel stable update or distribution security update.
  • Check Debian LTS and appliance vendor advisories for backported fixes.
  • For Siemens products, follow the specific ProductCERT advisory guidance.
  • Prioritize externally reachable Linux systems and security appliances for assessment.
  • Do not assume upstream version numbers alone prove vulnerability after vendor backports.

Validation and detection

  • Inventory Linux kernel versions across servers, containers hosts, and appliances.
  • Compare installed kernels with the CVE record and stable fix commits.
  • Check distribution changelogs for CVE-2024-38612 backports.
  • Review kernel configuration for IPv6 Segment Routing relevance where available.
  • Confirm Siemens product exposure against each referenced ProductCERT advisory.
Prepared
Confidence
medium
Sources
12

Based on public source material and reviewed before publication.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-416: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cwe · low confidence lookup

CWE-476: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2024-38612 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Critical
CVSS
9.8 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
3Timeline events
3ADP providers
14Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: yesTechnical Impact: total

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
9.8CVSS 3.1CriticalCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H3.95.9CISA-ADP

Vulnerability scoring details

Base CVSS 3.1 score

9.8Critical
CVSS 3.1 vector shape for CVE-2024-38612Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
cvssV3_1other:ssvc
CVECVE Program Container
siemens-SADPADP container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux46738b1317e169b281ad74690276916e24d1be6d, 46738b1317e169b281ad74690276916e24d1be6d, 46738b1317e169b281ad74690276916e24d1be6d, 46738b1317e169b281ad74690276916e24d1be6d, 46738b1317e169b281ad74690276916e24d1be6d, 46738b1317e169b281ad74690276916e24d1be6d, 46738b1317e169b281ad74690276916e24d1be6d, 46738b1317e169b281ad74690276916e24d1be6d, 46738b1317e169b281ad74690276916e24d1be6dunaffected
LinuxLinux4.10, 0, 4.19.316, 5.4.278, 5.10.219, 5.15.161, 6.1.93, 6.6.33, 6.8.12, 6.9.3, 6.10affected
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-416 · source CWE mapping

Use After Free

Use After Free represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.

CWE-476 · source CWE mapping

NULL Pointer Dereference

NULL Pointer Dereference represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.