CVE-2024-26855NULL Pointer Dereference in Linux

CWE-476NULL Pointer DereferenceCWE-690Unchecked Return Value to NULL Pointer Dereference36 documents7 sources
Severity
5.5MEDIUMNVD
OSV7.0OSV6.5
EPSS
0.0%
top 98.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedApr 17
Latest updateJul 26

Description

In the Linux kernel, the following vulnerability has been resolved: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() The function ice_bridge_setlink() may encounter a NULL pointer dereference if nlmsg_find_attr() returns NULL and br_spec is dereferenced subsequently in nla_for_each_nested(). To address this issue, add a check to ensure that br_spec is not NULL before proceeding with the nested attribute iteration.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel4.205.4.272+6
Debianlinux/linux_kernel< 5.10.216-1+3
Ubuntulinux/linux_kernel< 5.4.0-189.209+1
CVEListV5linux/linuxb1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2d9fefc51133107e59d192d773be86c1150cfeebb+7
debiandebian/linux< linux 6.1.82-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

17
OSV
linux-raspi vulnerabilities2024-07-26
OSV
linux-aws, linux-aws-5.4, linux-iot vulnerabilities2024-07-23
OSV
linux-raspi, linux-raspi-5.4 vulnerabilities2024-07-19
OSV
linux-oracle, linux-xilinx-zynqmp vulnerabilities2024-07-17
OSV
linux-hwe-5.4, linux-oracle-5.4 vulnerabilities2024-07-16

📋Vendor Advisories

17
Ubuntu
Linux kernel vulnerabilities2024-07-26
Ubuntu
Linux kernel vulnerabilities2024-07-23
Ubuntu
Linux kernel vulnerabilities2024-07-19
Ubuntu
Linux kernel vulnerabilities2024-07-17
Ubuntu
Linux kernel vulnerabilities2024-07-16

💬Community

1
Bugzilla
CVE-2024-26855 kernel: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()2024-04-17