5.5

CVE-2024-39504

EPSS 0.01%
Published 12.07.2024 13:15:12
Last modified 21.11.2024 09:27:50
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_inner: validate mandatory meta and payload

Check for mandatory netlink attributes in payload and meta expression
when used embedded from the inner expression, otherwise NULL pointer
dereference is possible from userspace.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.35

Linux ≫ Linux Kernel Version >= 6.7 < 6.9.6

Linux ≫ Linux Kernel Version6.10 Updaterc1

Linux ≫ Linux Kernel Version6.10 Updaterc2

Linux ≫ Linux Kernel Version6.10 Updaterc3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.009

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/39323f54cad29602917848346c71b087da92a19d

Patch

https://git.kernel.org/stable/c/b30669fdea0ca03aa22995e6c99f7e7d9dee89ff

Patch

https://git.kernel.org/stable/c/c4ab9da85b9df3692f861512fe6c9812f38b7471

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-39504

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-39504

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-39504

EUVD