CVE-2024-26924 — NULL Pointer Dereference in Linux
Severity
5.9 MEDIUM (NVD)
OSV: 7.5, 7.0, 5.5
EPSS
0.2%
top 61.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 25
Latest update: Jul 30
Description
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: do not free live element

Pablo reports a crash with large batches of elements with a
back-to-back add/remove pattern. Quoting Pablo:

  add_elem("00000000") timeout 100 ms
  ...
  add_elem("0000000X") timeout 100 ms
  del_elem("0000000X") <---------------- delete one that was just added
  ...
  add_elem("00005000") timeout 100 ms

  1) nft_pipapo_remove() removes element 0000000X
  Then, KASAN shows a splat.
Lookin…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6
Affected Packages (5 packages)
CVEListV5: linux/linux 3c4287f62044a90e73a561aa05fc46e62da173da — e3b887a9c11caf8357a821260e095f2a694a34f2 (+6)
Also affects: Debian Linux 10.0