CVE-2024-45018

Sept. 13, 2024, 4:36 p.m.

5.5
Medium

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *, 6.11

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-665
Improper Initialization
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel 6.11 rc1 / / / / / /
o linux linux_kernel 6.11 rc2 / / / / / /
o linux linux_kernel 6.11 rc3 / / / / / /

References

https://git.kernel.org/stable/c/119be227bc04f5035efa64cb823b8a5ca5e2d1c1
https://git.kernel.org/stable/c/356beb911b63a8cff34cb57f755c2a2d2ee9dec7
https://git.kernel.org/stable/c/7eafeec6be68ebd6140a830ce9ae68ad5b67ec78
https://git.kernel.org/stable/c/c7b760499f7791352b49b11667ed04b23d7f5b0f
https://git.kernel.org/stable/c/e5ceff2196dc633c995afb080f6f44a72cff6e1d
https://git.kernel.org/stable/c/e9767137308daf906496613fd879808a07f006a2

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-665
2024-09-11
CVE-2024-45018

CVSS Score

5.5 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: Sept. 11, 2024, 4:15 p.m.
Last Modified: Sept. 13, 2024, 4:36 p.m.

Status : Analyzed

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.