CVE-2024-26595: NULL Pointer Dereference in Linux

Severity: 5.5 MEDIUM (NVD) | OSV 7.5 | OSV 6.5
EPSS: 0.0% (top 99.10%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 23 | Latest update Feb 3

Description

In the Linux kernel, the following vulnerability has been resolved:

mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path

When calling mlxsw_sp_acl_tcam_region_destroy() from an error path after failing to attach the region to an ACL group, we hit a NULL pointer dereference upon 'region->group->tcam' [1].

Fix by retrieving the 'tcam' pointer using mlxsw_sp_acl_to_tcam().

[1] BUG: kernel NULL pointer dereference, address: 0000000000000000 [...] RIP: 0010:mlxsw_sp_acl_tcam_regio

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (6 packages)

NVD | linux/linux_kernel | 4.11.0 | 6.6.14 | +1
Debian | linux/linux_kernel | < 6.1.123-1 | +2
Ubuntu | linux/linux_kernel | < 4.15.0-233.245
CVEListV5 | linux/linux | 22a677661f5624539d394f681276171f92d714df | 75fa2d8b3c0175b519c99ace54ab8474cfd0077e | +4
debian | debian/linux | < linux 6.1.123-1 (bookworm)

Patches

🔴 Vulnerability Details (14)

OSV: linux-azure vulnerabilities (2025-02-03)
OSV: linux-azure, linux-azure-4.15 vulnerabilities (2025-01-30)
OSV: linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities (2025-01-28)
OSV: linux-oracle-6.5 vulnerabilities (2024-06-26)
OSV: linux-hwe-6.5 vulnerabilities (2024-06-18)

📋 Vendor Advisories (13)

Ubuntu: Linux kernel (Azure) vulnerabilities (2025-02-03)
Ubuntu: Linux kernel (Azure) vulnerabilities (2025-01-30)
Ubuntu: Linux kernel vulnerabilities (2025-01-28)
Ubuntu: Linux kernel (Oracle) vulnerabilities (2024-06-26)
Ubuntu: Linux kernel (HWE) vulnerabilities (2024-06-18)

💬 Community (1)

Bugzilla: CVE-2024-26595 kernel: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path (2024-02-24)