U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2024-35857 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: icmp: prevent possible NULL dereferences from icmp_build_probe() First problem is a double call to __in_dev_get_rcu(), because the second one could return NULL. if (__in_dev_get_rcu(dev) && __in_dev_get_rcu(dev)->ifa_list) Second problem is a read from dev->ip6_ptr with no NULL check: if (!list_empty(&rcu_dereference(dev->ip6_ptr)->addr_list)) Use the correct RCU API to fix these. v2: add missing include <net/addrconf.h>


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/23b7ee4a8d559bf38eac7ce5bb2f6ebf76f9c401
https://git.kernel.org/stable/c/23b7ee4a8d559bf38eac7ce5bb2f6ebf76f9c401
https://git.kernel.org/stable/c/3e2979bf080c40da4f7c93aff8575ab8bc62b767
https://git.kernel.org/stable/c/3e2979bf080c40da4f7c93aff8575ab8bc62b767
https://git.kernel.org/stable/c/599c9ad5e1d43f5c12d869f5fd406ba5d8c55270
https://git.kernel.org/stable/c/599c9ad5e1d43f5c12d869f5fd406ba5d8c55270
https://git.kernel.org/stable/c/c58e88d49097bd12dfcfef4f075b43f5d5830941
https://git.kernel.org/stable/c/c58e88d49097bd12dfcfef4f075b43f5d5830941
https://git.kernel.org/stable/c/d68dc711d84fdcf698e5d45308c3ddeede586350
https://git.kernel.org/stable/c/d68dc711d84fdcf698e5d45308c3ddeede586350

Weakness Enumeration

CWE-ID CWE Name Source
CWE-476 NULL Pointer Dereference CISA-ADP  

Change History

4 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-35857
NVD Published Date:
05/17/2024
NVD Last Modified:
11/21/2024
Source:
kernel.org