CVE-2024-26596 — Linux vulnerability

6 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 95.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +5 more

Timeline

PublishedFeb 23

Latest updateJun 12

Description

In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events After the blamed commit, we started doing this dereference for every NETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER event in the system. static inline struct dsa_port *dsa_user_to_port(const struct net_device *dev) { struct dsa_user_priv *p = netdev_priv(dev); return p->dp; } Which is obviously bogus, because not all net_devices have a netdev_pri…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages9 packages

▶NVDlinux/linux_kernel6.1.0 — 6.7.2

▶Debianlinux/linux_kernel< 6.1.129-1+2

▶msrcmsrc/azl3_kernel_6.6.57.1-1_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.92.2-1_on_azure_linux_3.0

▶CVEListV5linux/linux4c3f80d22b2eca911143ce656fa45c4699ff5bf4 — 9e9953f5e4d6d11a9dad56fdee307bb923302809+4

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-3g6v-v5hj-c234: In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events↗2024-02-23

▶

OSV

CVE-2024-26596: In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events A↗2024-02-23

▶

📋Vendor Advisories

CISA ICS

Siemens SIMATIC S7-1500 CPU Family↗2025-06-12

▶

Microsoft

net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events↗2024-02-13

▶

Debian

CVE-2024-26596: linux - In the Linux kernel, the following vulnerability has been resolved: net: dsa: f...↗2024

▶