CVE-2024-46677

Summary

In the Linux kernel, the following vulnerability has been resolved:

gtp: fix a potential NULL pointer dereference

When sockfd_lookup() fails, gtp_encap_enable_socket() returns a NULL pointer, but its callers only check for error pointers thus miss the NULL pointer case.

Fix it by returning an error pointer with the error code carried from sockfd_lookup().

(I found this bug during code inspection.)

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9 < 620fe9809752fae91b4190e897b81ed9976dfb39affected
LinuxLinux1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9 < bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8eaffected
LinuxLinux1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9 < 8bbb9e4e0e66a39282e582d0440724055404b38caffected
LinuxLinux1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9 < 4643b91691e969b1b9ad54bf552d7a990cfa3b87affected
LinuxLinux1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9 < e8b9930b0eb045d19e883c65ff9676fc89320c70affected
LinuxLinux1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9 < 28c67f0f84f889fe9f4cbda8354132b20dc9212daffected
LinuxLinux1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9 < 612edd35f2a3910ab1f61c1f2338889d4ba99fa2affected
LinuxLinux1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9 < defd8b3c37b0f9cb3e0f60f47d3d78d459d57fdaaffected
LinuxLinux4.12affected
LinuxLinux0 < 4.12unaffected
LinuxLinux4.19.321 <= 4.19.*unaffected
LinuxLinux5.4.283 <= 5.4.*unaffected
LinuxLinux5.10.225 <= 5.10.*unaffected
LinuxLinux5.15.166 <= 5.15.*unaffected
LinuxLinux6.1.108 <= 6.1.*unaffected
LinuxLinux6.6.49 <= 6.6.*unaffected
LinuxLinux6.10.8 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References