{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-26855", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.183Z", "datePublished": "2024-04-17T10:17:17.858Z", "dateUpdated": "2024-08-02T00:14:13.668Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:23:56.911Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()\n\nThe function ice_bridge_setlink() may encounter a NULL pointer dereference\nif nlmsg_find_attr() returns NULL and br_spec is dereferenced subsequently\nin nla_for_each_nested(). To address this issue, add a check to ensure that\nbr_spec is not NULL before proceeding with the nested attribute iteration."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/ice/ice_main.c"], "versions": [{"version": "b1edc14a3fbf", "lessThan": "d9fefc511331", "status": "affected", "versionType": "git"}, {"version": "b1edc14a3fbf", "lessThan": "37fe99016b12", "status": "affected", "versionType": "git"}, {"version": "b1edc14a3fbf", "lessThan": "8d95465d9a42", "status": "affected", "versionType": "git"}, {"version": "b1edc14a3fbf", "lessThan": "afdd29726a6d", "status": "affected", "versionType": "git"}, {"version": "b1edc14a3fbf", "lessThan": "1a770927dc1d", "status": "affected", "versionType": "git"}, {"version": "b1edc14a3fbf", "lessThan": "0e296067ae0d", "status": "affected", "versionType": "git"}, {"version": "b1edc14a3fbf", "lessThan": "06e456a05d66", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/ice/ice_main.c"], "versions": [{"version": "4.20", "status": "affected"}, {"version": "0", "lessThan": "4.20", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.272", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.213", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.152", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.82", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.22", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.7.10", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/d9fefc51133107e59d192d773be86c1150cfeebb"}, {"url": "https://git.kernel.org/stable/c/37fe99016b12d32100ce670216816dba6c48b309"}, {"url": "https://git.kernel.org/stable/c/8d95465d9a424200485792858c5b3be54658ce19"}, {"url": "https://git.kernel.org/stable/c/afdd29726a6de4ba27cd15590661424c888dc596"}, {"url": "https://git.kernel.org/stable/c/1a770927dc1d642b22417c3e668c871689fc58b3"}, {"url": "https://git.kernel.org/stable/c/0e296067ae0d74a10b4933601f9aa9f0ec8f157f"}, {"url": "https://git.kernel.org/stable/c/06e456a05d669ca30b224b8ed962421770c1496c"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}], "title": "net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26855", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-23T14:02:40.817976Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:48:40.362Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:14:13.668Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/d9fefc51133107e59d192d773be86c1150cfeebb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/37fe99016b12d32100ce670216816dba6c48b309", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8d95465d9a424200485792858c5b3be54658ce19", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/afdd29726a6de4ba27cd15590661424c888dc596", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1a770927dc1d642b22417c3e668c871689fc58b3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0e296067ae0d74a10b4933601f9aa9f0ec8f157f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/06e456a05d669ca30b224b8ed962421770c1496c", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/d9fefc51133107e59d192d773be86c1150cfeebb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/37fe99016b12d32100ce670216816dba6c48b309", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8d95465d9a424200485792858c5b3be54658ce19", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/afdd29726a6de4ba27cd15590661424c888dc596", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1a770927dc1d642b22417c3e668c871689fc58b3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0e296067ae0d74a10b4933601f9aa9f0ec8f157f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/06e456a05d669ca30b224b8ed962421770c1496c", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:14:13.668Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26855", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-23T14:02:40.817976Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:23.967Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "b1edc14a3fbf", "lessThan": "d9fefc511331", "versionType": "git"}, {"status": "affected", "version": "b1edc14a3fbf", "lessThan": "37fe99016b12", "versionType": "git"}, {"status": "affected", "version": "b1edc14a3fbf", "lessThan": "8d95465d9a42", "versionType": "git"}, {"status": "affected", "version": "b1edc14a3fbf", "lessThan": "afdd29726a6d", "versionType": "git"}, {"status": "affected", "version": "b1edc14a3fbf", "lessThan": "1a770927dc1d", "versionType": "git"}, {"status": "affected", "version": "b1edc14a3fbf", "lessThan": "0e296067ae0d", "versionType": "git"}, {"status": "affected", "version": "b1edc14a3fbf", "lessThan": "06e456a05d66", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/intel/ice/ice_main.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.20"}, {"status": "unaffected", "version": "0", "lessThan": "4.20", "versionType": "custom"}, {"status": "unaffected", "version": "5.4.272", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.213", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.152", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.82", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.22", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.10", "versionType": "custom", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/intel/ice/ice_main.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/d9fefc51133107e59d192d773be86c1150cfeebb"}, {"url": "https://git.kernel.org/stable/c/37fe99016b12d32100ce670216816dba6c48b309"}, {"url": "https://git.kernel.org/stable/c/8d95465d9a424200485792858c5b3be54658ce19"}, {"url": "https://git.kernel.org/stable/c/afdd29726a6de4ba27cd15590661424c888dc596"}, {"url": "https://git.kernel.org/stable/c/1a770927dc1d642b22417c3e668c871689fc58b3"}, {"url": "https://git.kernel.org/stable/c/0e296067ae0d74a10b4933601f9aa9f0ec8f157f"}, {"url": "https://git.kernel.org/stable/c/06e456a05d669ca30b224b8ed962421770c1496c"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()\n\nThe function ice_bridge_setlink() may encounter a NULL pointer dereference\nif nlmsg_find_attr() returns NULL and br_spec is dereferenced subsequently\nin nla_for_each_nested(). To address this issue, add a check to ensure that\nbr_spec is not NULL before proceeding with the nested attribute iteration."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:23:56.911Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26855", "state": "PUBLISHED", "dateUpdated": "2024-08-02T00:14:13.668Z", "dateReserved": "2024-02-19T14:20:24.183Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-17T10:17:17.858Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()\n\nThe function ice_bridge_setlink() may encounter a NULL pointer dereference\nif nlmsg_find_attr() returns NULL and br_spec is dereferenced subsequently\nin nla_for_each_nested(). To address this issue, add a check to ensure that\nbr_spec is not NULL before proceeding with the nested attribute iteration."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ice: corrige una posible desreferencia de puntero NULL en ice_bridge_setlink() La funci\u00f3n ice_bridge_setlink() puede encontrar una desreferencia de puntero NULL si nlmsg_find_attr() devuelve NULL y br_spec se desreferencia posteriormente en nla_for_each_nested( ). Para solucionar este problema, agregue una verificaci\u00f3n para garantizar que br_spec no sea NULL antes de continuar con la iteraci\u00f3n del atributo anidado."}], "id": "CVE-2024-26855", "lastModified": "2024-06-25T22:15:24.110", "metrics": {}, "published": "2024-04-17T11:15:08.690", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/06e456a05d669ca30b224b8ed962421770c1496c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0e296067ae0d74a10b4933601f9aa9f0ec8f157f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1a770927dc1d642b22417c3e668c871689fc58b3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/37fe99016b12d32100ce670216816dba6c48b309"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8d95465d9a424200485792858c5b3be54658ce19"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/afdd29726a6de4ba27cd15590661424c888dc596"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d9fefc51133107e59d192d773be86c1150cfeebb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:5928", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.33.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-28T00:00:00Z"}, {"advisory": "RHSA-2024:5928", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.33.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-28T00:00:00Z"}, {"advisory": "RHSA-2024:5364", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.79.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-14T00:00:00Z"}, {"advisory": "RHSA-2024:5365", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.79.1.rt14.364.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-14T00:00:00Z"}], "bugzilla": {"description": "kernel: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()", "id": "2275742", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275742"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-690", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()\nThe function ice_bridge_setlink() may encounter a NULL pointer dereference\nif nlmsg_find_attr() returns NULL and br_spec is dereferenced subsequently\nin nla_for_each_nested(). To address this issue, add a check to ensure that\nbr_spec is not NULL before proceeding with the nested attribute iteration.", "A vulnerability was found in the ice_bridge_setlink() function in the Linux kernel. A missing check to verify whether the nlmsg_find_attr() function returns NULL or not could lead to a NULL pointer dereference, system instability, or crashes."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-26855", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26855\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26855\nhttps://lore.kernel.org/linux-cve-announce/2024041724-CVE-2024-26855-ac0d@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 5.4.272, kernel 5.10.213, kernel 5.15.152, kernel 6.1.82, kernel 6.6.22, kernel 6.7.10, kernel 6.8"}