CVE-2024-35857

May 17, 2024, 6:35 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: icmp: prevent possible NULL dereferences from icmp_build_probe() First problem is a double call to __in_dev_get_rcu(), because the second one could return NULL. if (__in_dev_get_rcu(dev) && __in_dev_get_rcu(dev)->ifa_list) Second problem is a read from dev->ip6_ptr with no NULL check: if (!list_empty(&rcu_dereference(dev->ip6_ptr)->addr_list)) Use the correct RCU API to fix these. v2: add missing include <net/addrconf.h>

Product(s) Impacted

Product Versions
Linux kernel
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/23b7ee4a8d559bf38eac7ce5bb2f6ebf76f9c401
https://git.kernel.org/stable/c/3e2979bf080c40da4f7c93aff8575ab8bc62b767
https://git.kernel.org/stable/c/599c9ad5e1d43f5c12d869f5fd406ba5d8c55270
https://git.kernel.org/stable/c/c58e88d49097bd12dfcfef4f075b43f5d5830941
https://git.kernel.org/stable/c/d68dc711d84fdcf698e5d45308c3ddeede586350

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-05-17
CVE-2024-35857

Timeline

Published: May 17, 2024, 3:15 p.m.
Last Modified: May 17, 2024, 6:35 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.