5.5

CVE-2024-26735

ipv6: sr: fix possible use-after-free and null-ptr-deref

In the Linux kernel, the following vulnerability has been resolved:

ipv6: sr: fix possible use-after-free and null-ptr-deref

The pernet operations structure for the subsystem must be registered
before registering the generic netlink family.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.10 < 4.19.308
LinuxLinux Kernel Version >= 4.20 < 5.4.270
LinuxLinux Kernel Version >= 5.5 < 5.10.211
LinuxLinux Kernel Version >= 5.11 < 5.15.150
LinuxLinux Kernel Version >= 5.16 < 6.1.80
LinuxLinux Kernel Version >= 6.2 < 6.6.19
LinuxLinux Kernel Version >= 6.7 < 6.7.7
LinuxLinux Kernel Version6.8 Updaterc1
LinuxLinux Kernel Version6.8 Updaterc2
LinuxLinux Kernel Version6.8 Updaterc3
LinuxLinux Kernel Version6.8 Updaterc4
LinuxLinux Kernel Version6.8 Updaterc5
DebianDebian Linux Version10.0
Netapp8300 Firmware Version-
   Netapp8300
Netapp8700 Firmware Version-
   Netapp8700
NetappA400 Firmware Version-
   NetappA400
NetappC400 Firmware Version-
   NetappC400
NetappH610c Firmware Version-
   NetappH610c
NetappH610s Firmware Version-
   NetappH610s
NetappH615c Firmware Version-
   NetappH615c
NetappE-series Santricity Os Controller Version >= 11.0.0 <= 11.70.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.187
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Mailing List
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Mailing List
https://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b
Patch
https://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b
Patch
https://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6
Patch
https://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d
Patch
https://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197
Patch
https://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee
Patch
https://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa
Patch
https://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44
Patch
https://security.netapp.com/advisory/ntap-20241101-0012/
Third Party Advisory