CVE-2024-39504

CVSS v3.1 5.5 (Medium)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 8

NVD Status Analyzed

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_inner: validate mandatory meta and payload

Check for mandatory netlink attributes in payload and meta expression
when used embedded from the inner expression, otherwise NULL pointer
dereference is possible from userspace.

Weaknesses

CWE-476: NULL Pointer Dereference

CVE Status: PUBLISHED
NVD Status: Analyzed
CNA: kernel.org
Published Date: 2024-07-12 13:15:12
(2 months ago)
Updated Date: 2024-08-28 19:58:45
(3 weeks ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 6.2 version and prior 6.6.35 version	cpe:2.3:o:linux:linux_kernel	>= 6.2	< 6.6.35
Linux Kernel from 6.7 version and prior 6.9.6 version	cpe:2.3:o:linux:linux_kernel	>= 6.7	< 6.9.6
Linux Kernel 6.10 Rc1	cpe:2.3:o:linux:linux_kernel:6.10:rc1
Linux Kernel 6.10 Rc2	cpe:2.3:o:linux:linux_kernel:6.10:rc2
Linux Kernel 6.10 Rc3	cpe:2.3:o:linux:linux_kernel:6.10:rc3