5.5
CVE-2024-39504
- EPSS 0.27%
- Veröffentlicht 12.07.2024 13:15:12
- Zuletzt bearbeitet 21.11.2024 09:27:50
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
netfilter: nft_inner: validate mandatory meta and payload
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: validate mandatory meta and payload Check for mandatory netlink attributes in payload and meta expression when used embedded from the inner expression, otherwise NULL pointer dereference is possible from userspace.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.35
Linux ≫ Linux Kernel Version >= 6.7 < 6.9.6
Linux ≫ Linux Kernel Version6.10 Updaterc1
Linux ≫ Linux Kernel Version6.10 Updaterc2
Linux ≫ Linux Kernel Version6.10 Updaterc3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.187 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://git.kernel.org/stable/c/39323f54cad29602917848346c71b087da92a19d
https://git.kernel.org/stable/c/b30669fdea0ca03aa22995e6c99f7e7d9dee89ff
https://git.kernel.org/stable/c/c4ab9da85b9df3692f861512fe6c9812f38b7471