CVE-2024-26735 — Use After Free in Linux

CWE-416 — Use After Free CWE-476 — NULL Pointer Dereference27 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 92.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Netapp E-series Santricity OS Controller +1 more

Timeline

PublishedApr 3

Latest updateAug 2

Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix possible use-after-free and null-ptr-deref The pernet operations structure for the subsystem must be registered before registering the generic netlink family.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDlinux/linux_kernel4.10 — 4.19.308+7

▶Debianlinux/linux_kernel< 5.10.216-1+3

▶CVEListV5linux/linux915d7e5e5930b4f01d0971d93b9b25ed17d221aa — 953f42934533c151f440cd32390044d2396b87aa+8

▶NVDnetapp/e-series_santricity_os_controller11.0.0 — 11.70.2

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

CVEList

ipv6: sr: fix possible use-after-free and null-ptr-deref↗2024-04-03

▶

OSV

CVE-2024-26735: In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix possible use-after-free and null-ptr-deref The pernet operations str↗2024-04-03

▶

GHSA

GHSA-vmh5-6rg4-ggmq: In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix possible use-after-free and null-ptr-deref The pernet operations s↗2024-04-03

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2024-08-02

▶

Ubuntu

Linux kernel vulnerabilities↗2024-07-26

▶

Ubuntu

Linux kernel vulnerabilities↗2024-07-19

▶

Ubuntu

Linux kernel vulnerabilities↗2024-07-17

▶

Ubuntu

Linux kernel vulnerabilities↗2024-07-16

▶

💬Community

Bugzilla

CVE-2024-26735 kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref↗2024-04-04

▶