CVE-2024-39504

MEDIUM EPSS 18.9%
Published Jul 12, 2024 (1y ago) · Modified Jun 17, 2026 (1w ago)
5.5 CVSS 3.1
Medium

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_inner: validate mandatory meta and payload

Check for mandatory netlink attributes in payload and meta expression when used embedded from the inner expression, otherwise NULL pointer dereference is possible from userspace.

CVSS Details

Base Score 5.5
Exploitability 1.8
Impact 3.6
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
18.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 5

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥6.2 – <6.6.35
linux   linux_kernel  *        ≥6.7 – <6.9.6
linux   linux_kernel  6.10     any
linux   linux_kernel  6.10     any
linux   linux_kernel  6.10     any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/39323f54cad29602917848346c71b087da92a19d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b30669fdea0ca03aa22995e6c99f7e7d9dee89ff
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c4ab9da85b9df3692f861512fe6c9812f38b7471
    Patch
