CVE-2024-46677 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: gtp: fix a potential NULL pointer dereference When sockfd_lookup() fails, gtp_encap_enable_socket() returns a NULL pointer, but its callers only check for error pointers thus miss the NULL pointer case. Fix it by returning an error pointer with the error code carried from sockfd_lookup(). (I found this bug during code inspection.)

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc5::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/28c67f0f84f889fe9f4cbda8354132b20dc9212d
https://git.kernel.org/stable/c/4643b91691e969b1b9ad54bf552d7a990cfa3b87
https://git.kernel.org/stable/c/612edd35f2a3910ab1f61c1f2338889d4ba99fa2
https://git.kernel.org/stable/c/620fe9809752fae91b4190e897b81ed9976dfb39
https://git.kernel.org/stable/c/8bbb9e4e0e66a39282e582d0440724055404b38c
https://git.kernel.org/stable/c/bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8e
https://git.kernel.org/stable/c/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda
https://git.kernel.org/stable/c/e8b9930b0eb045d19e883c65ff9676fc89320c70
https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46677-b53c@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-46677
https://www.cve.org/CVERecord?id=CVE-2024-46677

History

Sun, 29 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 13 Sep 2024 23:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46677-b53c@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-46677 https://www.cve.org/CVERecord?id=CVE-2024-46677
Metrics	threat_severity `None`	threat_severity `Moderate`

Fri, 13 Sep 2024 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-476
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.11:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc5::::::
Vendors & Products		Linux Linux linux Kernel
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Fri, 13 Sep 2024 05:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: gtp: fix a potential NULL pointer dereference When sockfd_lookup() fails, gtp_encap_enable_socket() returns a NULL pointer, but its callers only check for error pointers thus miss the NULL pointer case. Fix it by returning an error pointer with the error code carried from sockfd_lookup(). (I found this bug during code inspection.)
Title		gtp: fix a potential NULL pointer dereference
References		https://git.kernel.org/stable/c/28c67f0f84f889fe9f4cbda8354132b20dc9212d https://git.kernel.org/stable/c/4643b91691e969b1b9ad54bf552d7a990cfa3b87 https://git.kernel.org/stable/c/612edd35f2a3910ab1f61c1f2338889d4ba99fa2 https://git.kernel.org/stable/c/620fe9809752fae91b4190e897b81ed9976dfb39 https://git.kernel.org/stable/c/8bbb9e4e0e66a39282e582d0440724055404b38c https://git.kernel.org/stable/c/bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8e https://git.kernel.org/stable/c/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda https://git.kernel.org/stable/c/e8b9930b0eb045d19e883c65ff9676fc89320c70

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-09-13T05:29:12.203Z

Updated: 2024-12-19T09:20:46.569Z

Reserved: 2024-09-11T15:12:18.247Z

Link: CVE-2024-46677

Vulnrichment

Updated: 2024-09-29T15:13:02.018Z

NVD

Status : Analyzed

Published: 2024-09-13T06:15:12.360

Modified: 2024-09-13T16:51:53.690

Link: CVE-2024-46677

Redhat

Severity : Moderate

Publid Date: 2024-09-13T00:00:00Z

Links: CVE-2024-46677 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object