In the Linux kernel, the following vulnerability has been resolved:
ipv6: sr: fix invalid unregister error path
The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL
is not defined. In that case if seg6_hmac_init() fails, the
genl_unregister_family() isn't called.
This issue exist since commit 46738b1317e1 ("ipv6: sr: add option to control
lwtunnel support"), and commit 5559cea2d5aa ("ipv6: sr: fix possible
use-after-free and null-ptr-deref") replaced unregister_pernet_subsys()
with genl_unregister_family() in this error path.
CVE-2024-38612 is a Linux kernel flaw in IPv6 Segment Routing initialization error handling. Public data rates it critical, but the source bundle does not show active exploitation or a public weaponized path. Business urgency depends on whether exposed Linux hosts or appliances run affected kernels or vendor firmware.
Executive priority
Prioritize confirmation and patch planning now. The score is critical, but response should be evidence-led: identify affected Linux and appliance assets, apply vendor-supported updates, and avoid emergency assumptions where backports or vendor firmware status are unclear.
Technical view
The issue is in seg6_init() when CONFIG_IPV6_SEG6_LWTUNNEL is not defined. If seg6_hmac_init() fails, genl_unregister_family() is not called. The CVE links this to possible use-after-free and null-pointer dereference classes and provides Linux stable fix commits.
Likely exposure
Likely exposure is Linux systems and embedded appliances using affected kernel versions or downstream vendor builds. The bundle references Linux stable fixes, Debian LTS, and Siemens product advisories. Exposure should be confirmed by kernel version, distribution backport status, and appliance vendor advisory status.
Exploitation context
The CVSS vector is network, low complexity, no privileges, and no user interaction. However, KEV is false and the supplied sources do not state active exploitation. Treat exploitability as serious but not confirmed in the wild from this bundle.
Researcher notes
The vulnerability is an initialization error-path cleanup bug, not a fully described exploit chain in the provided sources. Key research questions are reachable configurations, whether the failure path can be externally triggered, and how downstream vendors backported the stable fixes.
Mitigation direction
Apply the relevant Linux kernel stable update or distribution security update.
Check Debian LTS and appliance vendor advisories for backported fixes.
For Siemens products, follow the specific ProductCERT advisory guidance.
Prioritize externally reachable Linux systems and security appliances for assessment.
Do not assume upstream version numbers alone prove vulnerability after vendor backports.
Validation and detection
Inventory Linux kernel versions across servers, containers hosts, and appliances.
Compare installed kernels with the CVE record and stable fix commits.
Check distribution changelogs for CVE-2024-38612 backports.
Review kernel configuration for IPv6 Segment Routing relevance where available.
Confirm Siemens product exposure against each referenced ProductCERT advisory.
Based on public source material and reviewed before publication.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-416: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
1CVSS vectors
3Timeline events
3ADP providers
14Source links
SSVC decision data
CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: yesTechnical Impact: total
CVSS vector scores
1 official score
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-416 · source CWE mapping
Use After Free
Use After Free represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
NULL Pointer Dereference represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.