In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nla_nest_start nla_nest_start() may fail and return NULL. Insert a check and set errno based on other call sites within the same source code.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Linux

No data.

Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10 cpe:/a:redhat:enterprise_linux:8::nfv RHSA-2024:5102 2024-08-08T00:00:00Z
kernel-0:4.18.0-553.16.1.el8_10 cpe:/o:redhat:enterprise_linux:8 RHSA-2024:5101 2024-08-08T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:9315 2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5 cpe:/o:redhat:enterprise_linux:9 RHSA-2024:9315 2024-11-12T00:00:00Z
References
Link Providers
https://git.kernel.org/stable/c/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/44214d744be32a4769faebba764510888f1eb19e cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/4af837db0fd3679fabc7b7758397090b0c06dced cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/96436365e5d80d0106ea785a4f80a58e7c9edff8 cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/98e60b538e66c90b9a856828c71d4e975ebfa797 cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/b7f5aed55829f376e4f7e5ea5b80ccdcb023e983 cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/ba6a9970ce9e284cbc04099361c58731e308596a cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/e803040b368d046434fbc8a91945c690332c4fcf cve-icon cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024050107-CVE-2024-27025-babd@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-27025 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-27025 cve-icon
History

Wed, 13 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:9

Thu, 08 Aug 2024 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:8::nfv
cpe:/o:redhat:enterprise_linux:8
Vendors & Products Redhat
Redhat enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-01T12:49:28.124Z

Updated: 2024-11-05T09:20:11.623Z

Reserved: 2024-02-19T14:20:24.210Z

Link: CVE-2024-27025

cve-icon Vulnrichment

Updated: 2024-08-02T00:21:05.917Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-01T13:15:48.890

Modified: 2024-11-21T09:03:41.403

Link: CVE-2024-27025

cve-icon Redhat

Severity : Low

Publid Date: 2024-05-01T00:00:00Z

Links: CVE-2024-27025 - Bugzilla