5.5

CVE-2024-26855

net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()

In the Linux kernel, the following vulnerability has been resolved:

net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()

The function ice_bridge_setlink() may encounter a NULL pointer dereference
if nlmsg_find_attr() returns NULL and br_spec is dereferenced subsequently
in nla_for_each_nested(). To address this issue, add a check to ensure that
br_spec is not NULL before proceeding with the nested attribute iteration.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.20 < 5.4.272
LinuxLinux Kernel Version >= 5.5 < 5.10.213
LinuxLinux Kernel Version >= 5.11 < 5.15.152
LinuxLinux Kernel Version >= 5.16 < 6.1.82
LinuxLinux Kernel Version >= 6.2 < 6.6.22
LinuxLinux Kernel Version >= 6.7 < 6.7.10
LinuxLinux Kernel Version6.8 Updaterc1
LinuxLinux Kernel Version6.8 Updaterc2
LinuxLinux Kernel Version6.8 Updaterc3
LinuxLinux Kernel Version6.8 Updaterc4
LinuxLinux Kernel Version6.8 Updaterc5
LinuxLinux Kernel Version6.8 Updaterc6
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.162
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Mailing List
https://git.kernel.org/stable/c/06e456a05d669ca30b224b8ed962421770c1496c
Patch
https://git.kernel.org/stable/c/0e296067ae0d74a10b4933601f9aa9f0ec8f157f
Patch
https://git.kernel.org/stable/c/1a770927dc1d642b22417c3e668c871689fc58b3
Patch
https://git.kernel.org/stable/c/37fe99016b12d32100ce670216816dba6c48b309
Patch
https://git.kernel.org/stable/c/8d95465d9a424200485792858c5b3be54658ce19
Patch
https://git.kernel.org/stable/c/afdd29726a6de4ba27cd15590661424c888dc596
Patch
https://git.kernel.org/stable/c/d9fefc51133107e59d192d773be86c1150cfeebb
Patch
https://cert-portal.siemens.com/productcert/html/ssa-265688.html