CVE-2024-26855

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-26855
In the Linux kernel, the following vulnerability has been resolved: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() The function ice_bridge_setlink() may encounter a NULL pointer dereference if nlmsg_find_attr() returns NULL and br_spec is dereferenced subsequently in nla_for_each_nested(). To address this issue, add a check to ensure that br_spec is not NULL before proceeding with the nested attribute iteration.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/06e456a05d669ca30b224b8ed962421770c1496c Patch
https://git.kernel.org/stable/c/0e296067ae0d74a10b4933601f9aa9f0ec8f157f Patch
https://git.kernel.org/stable/c/1a770927dc1d642b22417c3e668c871689fc58b3 Patch
https://git.kernel.org/stable/c/37fe99016b12d32100ce670216816dba6c48b309 Patch
https://git.kernel.org/stable/c/8d95465d9a424200485792858c5b3be54658ce19 Patch
https://git.kernel.org/stable/c/afdd29726a6de4ba27cd15590661424c888dc596 Patch
https://git.kernel.org/stable/c/d9fefc51133107e59d192d773be86c1150cfeebb Patch
https://git.kernel.org/stable/c/06e456a05d669ca30b224b8ed962421770c1496c Patch
https://git.kernel.org/stable/c/0e296067ae0d74a10b4933601f9aa9f0ec8f157f Patch
https://git.kernel.org/stable/c/1a770927dc1d642b22417c3e668c871689fc58b3 Patch
https://git.kernel.org/stable/c/37fe99016b12d32100ce670216816dba6c48b309 Patch
https://git.kernel.org/stable/c/8d95465d9a424200485792858c5b3be54658ce19 Patch
https://git.kernel.org/stable/c/afdd29726a6de4ba27cd15590661424c888dc596 Patch
https://git.kernel.org/stable/c/d9fefc51133107e59d192d773be86c1150cfeebb Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Mailing List
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc6:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
History

No history.

Information

Published : 2024-04-17 11:15

Updated : 2025-01-07 22:06

NVD link : CVE-2024-26855

Mitre link : CVE-2024-26855

CVE.ORG link : CVE-2024-26855

JSON object : View

Products Affected

debian

  • debian_linux

linux

  • linux_kernel
CWE
CWE-476

NULL Pointer Dereference