CVE-2024-26735

Summary

In the Linux kernel, the following vulnerability has been resolved:

ipv6: sr: fix possible use-after-free and null-ptr-deref

The pernet operations structure for the subsystem must be registered before registering the generic netlink family.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux915d7e5e5930b4f01d0971d93b9b25ed17d221aa < 953f42934533c151f440cd32390044d2396b87aaaffected
LinuxLinux915d7e5e5930b4f01d0971d93b9b25ed17d221aa < 82831e3ff76ef09fb184eb93b79a3eb3fb284f1daffected
LinuxLinux915d7e5e5930b4f01d0971d93b9b25ed17d221aa < 65c38f23d10ff79feea1e5d50b76dc7af383c1e6affected
LinuxLinux915d7e5e5930b4f01d0971d93b9b25ed17d221aa < 91b020aaa1e59bfb669d34c968e3db3d5416bceeaffected
LinuxLinux915d7e5e5930b4f01d0971d93b9b25ed17d221aa < 8391b9b651cfdf80ab0f1dc4a489f9d67386e197affected
LinuxLinux915d7e5e5930b4f01d0971d93b9b25ed17d221aa < 9e02973dbc6a91e40aa4f5d87b8c47446fbfce44affected
LinuxLinux915d7e5e5930b4f01d0971d93b9b25ed17d221aa < 02b08db594e8218cfbc0e4680d4331b457968a9baffected
LinuxLinux915d7e5e5930b4f01d0971d93b9b25ed17d221aa < 5559cea2d5aa3018a5f00dd2aca3427ba09b386baffected
LinuxLinux4.10affected
LinuxLinux0 < 4.10unaffected
LinuxLinux4.19.308 <= 4.19.*unaffected
LinuxLinux5.4.270 <= 5.4.*unaffected
LinuxLinux5.10.211 <= 5.10.*unaffected
LinuxLinux5.15.150 <= 5.15.*unaffected
LinuxLinux6.1.80 <= 6.1.*unaffected
LinuxLinux6.6.19 <= 6.6.*unaffected
LinuxLinux6.7.7 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References