CVE-2024-26735

EPSS 0.03%
Published 03.04.2024 17:15:51
Last modified 17.03.2025 16:05:01
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

ipv6: sr: fix possible use-after-free and null-ptr-deref

The pernet operations structure for the subsystem must be registered
before registering the generic netlink family.

Affected products Warnungen 0 Metrics 2 CWE 2 References 14

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.10 < 4.19.308

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.270

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.211

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.150

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.80

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.19

Linux ≫ Linux Kernel Version >= 6.7 < 6.7.7

Linux ≫ Linux Kernel Version6.8 Updaterc1

Linux ≫ Linux Kernel Version6.8 Updaterc2

Linux ≫ Linux Kernel Version6.8 Updaterc3

Linux ≫ Linux Kernel Version6.8 Updaterc4

Linux ≫ Linux Kernel Version6.8 Updaterc5

Debian ≫ Debian Linux Version10.0

Netapp ≫ 8300 Firmware Version-

Netapp ≫ 8300

Netapp ≫ 8700 Firmware Version-

Netapp ≫ 8700

Netapp ≫ A400 Firmware Version-

Netapp ≫ A400

Netapp ≫ C400 Firmware Version-

Netapp ≫ C400

Netapp ≫ H610c Firmware Version-

Netapp ≫ H610c

Netapp ≫ H610s Firmware Version-

Netapp ≫ H610s

Netapp ≫ H615c Firmware Version-

Netapp ≫ H615c

Netapp ≫ E-series Santricity Os Controller Version >= 11.0.0 <= 11.70.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.06

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Mailing List

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Mailing List

https://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b

Patch

https://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b

Patch

https://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6

Patch