CVE-2024-35902NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference28 documents7 sources
Severity
5.5MEDIUMNVD
OSV6.8
EPSS
0.0%
top 94.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMay 19
Latest updateSep 18

Description

In the Linux kernel, the following vulnerability has been resolved: net/rds: fix possible cp null dereference cp might be null, calling cp->cp_conn would produce null dereference [Simon Horman adds:] Analysis: * cp is a parameter of __rds_rdma_map and is not reassigned. * The following call-sites pass a NULL cp argument to __rds_rdma_map() - rds_get_mr() - rds_get_mr_for_dest * Prior to the code above, the following assumes that cp may be NULL (which is indicative, but could itself be un

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel4.19.3104.19.312+7
Debianlinux/linux_kernel< 5.10.216-1+3
Ubuntulinux/linux_kernel< 5.15.0-116.126+1
CVEListV5linux/linux786854141057751bc08eb26f1b02e97c1631c8f4d275de8ea7be3a453629fddae41d4156762e814c+9
debiandebian/linux< linux 6.1.85-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

13
OSV
linux-xilinx-zynqmp vulnerabilities2024-09-18
OSV
linux-gcp-5.15 vulnerabilities2024-07-30
OSV
linux-oracle vulnerabilities2024-07-26
OSV
linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15 vulnerabilities2024-07-26
OSV
linux-aws-5.15 vulnerabilities2024-07-23

📋Vendor Advisories

13
Ubuntu
Linux kernel vulnerabilities2024-09-18
Ubuntu
Linux kernel vulnerabilities2024-07-30
Ubuntu
Linux kernel vulnerabilities2024-07-26
Ubuntu
Linux kernel vulnerabilities2024-07-26
Ubuntu
Linux kernel vulnerabilities2024-07-23

💬Community

1
Bugzilla
CVE-2024-35902 kernel: net/rds: fix possible cp null dereference2024-05-20