CVE-2024-27414 — Improper Authentication in Linux
Severity
5.5MEDIUMNVD
OSV7.8OSV7.0OSV6.5
EPSS
0.0%
top 94.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 17
Latest updateAug 14
Description
In the Linux kernel, the following vulnerability has been resolved:
rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
In the commit d73ef2d69c0d ("rtnetlink: let rtnl_bridge_setlink checks
IFLA_BRIDGE_MODE length"), an adjustment was made to the old loop logic
in the function `rtnl_bridge_setlink` to enable the loop to also check
the length of the IFLA_BRIDGE_MODE attribute. However, this adjustment
removed the `break` statement and led to an error logic of the flags
writing back at…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages5 packages
▶CVEListV5linux/linuxad46d4861ed36315d3d9e838723ba3e367ecc042 — b9fbc44159dfc3e9a7073032752d9e03f5194a6f+8
Also affects: Debian Linux 10.0
Patches
🔴Vulnerability Details
15📋Vendor Advisories
15💬Community
1Bugzilla
▶