5.5
CVE-2024-42269
- EPSS 0.23%
- Veröffentlicht 17.08.2024 09:15:08
- Zuletzt bearbeitet 03.11.2025 22:17:52
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().
In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). ip6table_nat_table_init() accesses net->gen->ptr[ip6table_nat_net_ops.id], but the function is exposed to user space before the entry is allocated via register_pernet_subsys(). Let's call register_pernet_subsys() before xt_register_template().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.15 < 6.1.104
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.45
Linux ≫ Linux Kernel Version >= 6.7 < 6.10.4
Linux ≫ Linux Kernel Version6.11 Updaterc1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.13 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://git.kernel.org/stable/c/419ee6274c5153b89c4393c1946faa4c3cad4f9e
https://git.kernel.org/stable/c/87dba44e9471b79b255d0736858a897332db9226
https://git.kernel.org/stable/c/91b6df6611b7edb28676c4f63f90c56c30d3e601
https://git.kernel.org/stable/c/c22921df777de5606f1047b1345b8d22ef1c0b34
https://git.kernel.org/stable/c/e85b9b6a87be4cb3710082038b677e97f2389003
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html