5.5

CVE-2024-35904

selinux: avoid dereference of garbage after mount failure

In the Linux kernel, the following vulnerability has been resolved:

selinux: avoid dereference of garbage after mount failure

In case kern_mount() fails and returns an error pointer return in the
error branch instead of continuing and dereferencing the error pointer.

While on it drop the never read static variable selinuxfs_mount.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.17 < 6.6.26
LinuxLinux Kernel Version >= 6.7 < 6.8.5
LinuxLinux Kernel Version6.9 Updaterc1
LinuxLinux Kernel Version6.9 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.13
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://www.openwall.com/lists/oss-security/2024/05/30/1
Mailing List
http://www.openwall.com/lists/oss-security/2024/05/30/2
Mailing List
https://git.kernel.org/stable/c/37801a36b4d68892ce807264f784d818f8d0d39b
Patch
https://git.kernel.org/stable/c/477ed6789eb9f3f4d3568bb977f90c863c12724e
Patch
https://git.kernel.org/stable/c/68784a5d01b8868ff85a7926676b6729715fff3c
Patch