CVE-2024-26855

net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()

Severity Score

4.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() The function ice_bridge_setlink() may encounter a NULL pointer dereference
if nlmsg_find_attr() returns NULL and br_spec is dereferenced subsequently
in nla_for_each_nested(). To address this issue, add a check to ensure that
br_spec is not NULL before proceeding with the nested attribute iteration.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ice: corrige una posible desreferencia de puntero NULL en ice_bridge_setlink() La función ice_bridge_setlink() puede encontrar una desreferencia de puntero NULL si nlmsg_find_attr() devuelve NULL y br_spec se desreferencia posteriormente en nla_for_each_nested( ). Para solucionar este problema, agregue una verificación para garantizar que br_spec no sea NULL antes de continuar con la iteración del atributo anidado.

A vulnerability was found in the ice_bridge_setlink() function in the Linux kernel. A missing check to verify whether the nlmsg_find_attr() function returns NULL or not could lead to a NULL pointer dereference, system instability, or crashes.

In the Linux kernel, the following vulnerability has been resolved: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() The function ice_bridge_setlink() may encounter a NULL pointer dereference if nlmsg_find_attr() returns NULL and br_spec is dereferenced subsequently in nla_for_each_nested(). To address this issue, add a check to ensure that br_spec is not NULL before proceeding with the nested attribute iteration.

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-04-17 CVE Published
2024-12-19 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-690: Unchecked Return Value to NULL Pointer Dereference

CAPEC

References (11)

URL	Tag	Source
https://git.kernel.org/stable/c/b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/d9fefc51133107e59d192d773be86c1150cfeebb	2024-03-15
https://git.kernel.org/stable/c/37fe99016b12d32100ce670216816dba6c48b309	2024-03-15
https://git.kernel.org/stable/c/8d95465d9a424200485792858c5b3be54658ce19	2024-03-15
https://git.kernel.org/stable/c/afdd29726a6de4ba27cd15590661424c888dc596	2024-03-15
https://git.kernel.org/stable/c/1a770927dc1d642b22417c3e668c871689fc58b3	2024-03-15
https://git.kernel.org/stable/c/0e296067ae0d74a10b4933601f9aa9f0ec8f157f	2024-03-15
https://git.kernel.org/stable/c/06e456a05d669ca30b224b8ed962421770c1496c	2024-03-05

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-26855	2024-09-24
https://bugzilla.redhat.com/show_bug.cgi?id=2275742	2024-09-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.4.272 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.4.272"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.10.213 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.10.213"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.15.152 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.15.152"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 6.1.82 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 6.1.82"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 6.6.22 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 6.6.22"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 6.7.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 6.7.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 6.8"		en		Affected