CVE-2024-26855

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()

The function ice_bridge_setlink() may encounter a NULL pointer dereference if nlmsg_find_attr() returns NULL and br_spec is dereferenced subsequently in nla_for_each_nested(). To address this issue, add a check to ensure that br_spec is not NULL before proceeding with the nested attribute iteration.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2 < d9fefc51133107e59d192d773be86c1150cfeebbaffected
LinuxLinuxb1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2 < 37fe99016b12d32100ce670216816dba6c48b309affected
LinuxLinuxb1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2 < 8d95465d9a424200485792858c5b3be54658ce19affected
LinuxLinuxb1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2 < afdd29726a6de4ba27cd15590661424c888dc596affected
LinuxLinuxb1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2 < 1a770927dc1d642b22417c3e668c871689fc58b3affected
LinuxLinuxb1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2 < 0e296067ae0d74a10b4933601f9aa9f0ec8f157faffected
LinuxLinuxb1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2 < 06e456a05d669ca30b224b8ed962421770c1496caffected
LinuxLinux4.20affected
LinuxLinux0 < 4.20unaffected
LinuxLinux5.4.272 <= 5.4.*unaffected
LinuxLinux5.10.213 <= 5.10.*unaffected
LinuxLinux5.15.152 <= 5.15.*unaffected
LinuxLinux6.1.82 <= 6.1.*unaffected
LinuxLinux6.6.22 <= 6.6.*unaffected
LinuxLinux6.7.10 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

Additional References

References