5.5

CVE-2024-45018

netfilter: flowtable: initialise extack before use

In the Linux kernel, the following vulnerability has been resolved:

netfilter: flowtable: initialise extack before use

Fix missing initialisation of extack in flow offload.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.5 < 5.10.225
LinuxLinux Kernel Version >= 5.11 < 5.15.166
LinuxLinux Kernel Version >= 5.16 < 6.1.107
LinuxLinux Kernel Version >= 6.2 < 6.6.48
LinuxLinux Kernel Version >= 6.7 < 6.10.7
LinuxLinux Kernel Version6.11 Updaterc1
LinuxLinux Kernel Version6.11 Updaterc2
LinuxLinux Kernel Version6.11 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.147
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-665 Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

https://git.kernel.org/stable/c/119be227bc04f5035efa64cb823b8a5ca5e2d1c1
Patch
https://git.kernel.org/stable/c/356beb911b63a8cff34cb57f755c2a2d2ee9dec7
Patch
https://git.kernel.org/stable/c/7eafeec6be68ebd6140a830ce9ae68ad5b67ec78
Patch
https://git.kernel.org/stable/c/c7b760499f7791352b49b11667ed04b23d7f5b0f
Patch
https://git.kernel.org/stable/c/e5ceff2196dc633c995afb080f6f44a72cff6e1d
Patch
https://git.kernel.org/stable/c/e9767137308daf906496613fd879808a07f006a2
Patch
https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://cert-portal.siemens.com/productcert/html/ssa-265688.html