CVE-2024-39504

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: validate mandatory meta and payload Check for mandatory netlink attributes in payload and meta expression when used embedded from the inner expression, otherwise NULL pointer dereference is possible from userspace.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/39323f54cad29602917848346c71b087da92a19d	Patch
https://git.kernel.org/stable/c/b30669fdea0ca03aa22995e6c99f7e7d9dee89ff	Patch
https://git.kernel.org/stable/c/c4ab9da85b9df3692f861512fe6c9812f38b7471	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc3::::::

History

28 Aug 2024, 19:58

Type	Values Removed	Values Added
First Time		Linux Linux linux Kernel
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nft_inner: valida meta y payload obligatorias. Comprueba los atributos de enlace de red obligatorios en el payload y la metaexpresión cuando se utilizan incrustados desde la expresión interna; de lo contrario, es posible desreferenciar el puntero NULL desde el espacio de usuario.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel:6.10:rc3:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.10:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc2::::::
References	~~() https://git.kernel.org/stable/c/39323f54cad29602917848346c71b087da92a19d -~~	() https://git.kernel.org/stable/c/39323f54cad29602917848346c71b087da92a19d - Patch
References	~~() https://git.kernel.org/stable/c/b30669fdea0ca03aa22995e6c99f7e7d9dee89ff -~~	() https://git.kernel.org/stable/c/b30669fdea0ca03aa22995e6c99f7e7d9dee89ff - Patch
References	~~() https://git.kernel.org/stable/c/c4ab9da85b9df3692f861512fe6c9812f38b7471 -~~	() https://git.kernel.org/stable/c/c4ab9da85b9df3692f861512fe6c9812f38b7471 - Patch
CWE		CWE-476

12 Jul 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-12 13:15

Updated : 2024-08-28 19:58

NVD link : CVE-2024-39504

Mitre link : CVE-2024-39504

CVE.ORG link : CVE-2024-39504

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10