5.5
CVE-2024-26735
- EPSS 0.27%
- Veröffentlicht 03.04.2024 17:15:51
- Zuletzt bearbeitet 17.03.2025 16:05:01
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
ipv6: sr: fix possible use-after-free and null-ptr-deref
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix possible use-after-free and null-ptr-deref The pernet operations structure for the subsystem must be registered before registering the generic netlink family.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.10 < 4.19.308
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.270
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.211
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.150
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.80
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.19
Linux ≫ Linux Kernel Version >= 6.7 < 6.7.7
Linux ≫ Linux Kernel Version6.8 Updaterc1
Linux ≫ Linux Kernel Version6.8 Updaterc2
Linux ≫ Linux Kernel Version6.8 Updaterc3
Linux ≫ Linux Kernel Version6.8 Updaterc4
Linux ≫ Linux Kernel Version6.8 Updaterc5
Debian ≫ Debian Linux Version10.0
Netapp ≫ 8300 Firmware Version-
Netapp ≫ 8700 Firmware Version-
Netapp ≫ A400 Firmware Version-
Netapp ≫ C400 Firmware Version-
Netapp ≫ H610c Firmware Version-
Netapp ≫ H610s Firmware Version-
Netapp ≫ H615c Firmware Version-
Netapp ≫ E-series Santricity Os Controller Version >= 11.0.0 <= 11.70.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.187 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b
https://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b
https://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6
https://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d
https://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197
https://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee
https://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa
https://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44
https://security.netapp.com/advisory/ntap-20241101-0012/