OpenCVE

In the Linux kernel, the following vulnerability has been resolved: icmp: prevent possible NULL dereferences from icmp_build_probe() First problem is a double call to __in_dev_get_rcu(), because the second one could return NULL. if (__in_dev_get_rcu(dev) && __in_dev_get_rcu(dev)->ifa_list) Second problem is a read from dev->ip6_ptr with no NULL check: if (!list_empty(&rcu_dereference(dev->ip6_ptr)->addr_list)) Use the correct RCU API to fix these. v2: add missing include <net/addrconf.h>

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux Rhel Eus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-427.28.1.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:4928	2024-07-31T00:00:00Z
kernel-0:5.14.0-427.28.1.el9_4	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:4928	2024-07-31T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
kernel-0:5.14.0-284.73.1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:4533	2024-07-15T00:00:00Z
kernel-rt-0:5.14.0-284.73.1.rt14.358.el9_2	cpe:/a:redhat:rhel_eus:9.2::nfv	RHSA-2024:4554	2024-07-15T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/23b7ee4a8d559bf38eac7ce5bb2f6ebf76f9c401
https://git.kernel.org/stable/c/3e2979bf080c40da4f7c93aff8575ab8bc62b767
https://git.kernel.org/stable/c/599c9ad5e1d43f5c12d869f5fd406ba5d8c55270
https://git.kernel.org/stable/c/c58e88d49097bd12dfcfef4f075b43f5d5830941
https://git.kernel.org/stable/c/d68dc711d84fdcf698e5d45308c3ddeede586350
https://lore.kernel.org/linux-cve-announce/2024051741-CVE-2024-35857-837c@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-35857
https://www.cve.org/CVERecord?id=CVE-2024-35857

History

Thu, 07 Nov 2024 22:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-17T14:47:32.763Z

Updated: 2024-11-07T21:12:11.212Z

Reserved: 2024-05-17T13:50:33.106Z

Link: CVE-2024-35857

Vulnrichment

Updated: 2024-08-02T03:21:47.567Z

NVD

Status : Awaiting Analysis

Published: 2024-05-17T15:15:23.090

Modified: 2024-11-21T09:21:03.753

Link: CVE-2024-35857

Redhat

Severity : Moderate

Publid Date: 2024-05-17T00:00:00Z

Links: CVE-2024-35857 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object