Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2024-40961
HistoryJul 12, 2024 - 12:32 p.m.

CVE-2024-40961 ipv6: prevent possible NULL deref in fib6_nh_init()

2024-07-1212:32:02
Linux
www.cve.org
4
ipv6
null deref
fib6_nh_init
linux kernel

EPSS

0

Percentile

5.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

ipv6: prevent possible NULL deref in fib6_nh_init()

syzbot reminds us that in6_dev_get() can return NULL.

fib6_nh_init()
ip6_validate_gw( &idev )
ip6_route_check_nh( idev )
*idev = in6_dev_get(dev); // can be NULL

Oops: general protection fault, probably for non-canonical address 0xdffffc00000000bc: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x00000000000005e0-0x00000000000005e7]
CPU: 0 PID: 11237 Comm: syz-executor.3 Not tainted 6.10.0-rc2-syzkaller-00249-gbe27b8965297 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
RIP: 0010:fib6_nh_init+0x640/0x2160 net/ipv6/route.c:3606
Code: 00 00 fc ff df 4c 8b 64 24 58 48 8b 44 24 28 4c 8b 74 24 30 48 89 c1 48 89 44 24 28 48 8d 98 e0 05 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 b3 17 00 00 8b 1b 31 ff 89 de e8 b8 8b
RSP: 0018:ffffc900032775a0 EFLAGS: 00010202
RAX: 00000000000000bc RBX: 00000000000005e0 RCX: 0000000000000000
RDX: 0000000000000010 RSI: ffffc90003277a54 RDI: ffff88802b3a08d8
RBP: ffffc900032778b0 R08: 00000000000002fc R09: 0000000000000000
R10: 00000000000002fc R11: 0000000000000000 R12: ffff88802b3a08b8
R13: 1ffff9200064eec8 R14: ffffc90003277a00 R15: dffffc0000000000
FS: 00007f940feb06c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000245e8000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ip6_route_info_create+0x99e/0x12b0 net/ipv6/route.c:3809
ip6_route_add+0x28/0x160 net/ipv6/route.c:3853
ipv6_route_ioctl+0x588/0x870 net/ipv6/route.c:4483
inet6_ioctl+0x21a/0x280 net/ipv6/af_inet6.c:579
sock_do_ioctl+0x158/0x460 net/socket.c:1222
sock_ioctl+0x629/0x8e0 net/socket.c:1341
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:907 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f940f07cea9

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/ipv6/route.c"
    ],
    "versions": [
      {
        "version": "428604fb118f",
        "lessThan": "3200ffeec4d5",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "428604fb118f",
        "lessThan": "de5ad4d45cd0",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "428604fb118f",
        "lessThan": "4cdfe813015d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "428604fb118f",
        "lessThan": "88b9a55e2e35",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "428604fb118f",
        "lessThan": "b6947723c9ea",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "428604fb118f",
        "lessThan": "ae8d3d39efe3",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "428604fb118f",
        "lessThan": "2eab4543a220",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/ipv6/route.c"
    ],
    "versions": [
      {
        "version": "4.17",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "4.17",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.279",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.221",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.162",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.96",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.36",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.7",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

cbl_mariner 1
ubuntucve 1
osv 19
vulnrichment 1
cve 1
nvd 1
debiancve 1
redhatcve 1
nessus 26
oraclelinux 4
redhat 2
rocky 1
openvas 15
cbl_mariner
cbl_mariner
CVE-2024-40961 affecting package kernel for versions less than 6.6.47.1-1
2024-08-27 05:08:14
ubuntucve
ubuntucve
CVE-2024-40961
2024-07-12 00:00:00
osv
osv
CVE-2024-40961
2024-07-12 13:15:18
Important: kernel security update
2024-08-21 14:53:21
linux, linux-aws, linux-azure, linux-bluefield, linux-gcp, linux-gkeop, linux-ibm, linux-kvm, linux-oracle vulnerabilities
2024-09-12 09:40:42
vulnrichment
vulnrichment
CVE-2024-40961 ipv6: prevent possible NULL deref in fib6_nh_init()
2024-07-12 12:32:02
cve
cve
CVE-2024-40961
2024-07-12 13:15:18
nvd
nvd
CVE-2024-40961
2024-07-12 13:15:18
debiancve
debiancve
CVE-2024-40961
2024-07-12 13:15:18
redhatcve
redhatcve
CVE-2024-40961
2024-07-16 16:57:09
nessus
nessus
RHEL 9 : kernel (RHSA-2024:5363)
2024-08-15 00:00:00
Oracle Linux 9 : kernel (ELSA-2024-5363)
2024-08-15 00:00:00
Rocky Linux 9 : kernel (RLSA-2024:5363)
2024-08-21 00:00:00
oraclelinux
oraclelinux
kernel security update
2024-08-14 00:00:00
Unbreakable Enterprise kernel-container security update
2024-09-11 00:00:00
Unbreakable Enterprise kernel security update
2024-09-10 00:00:00
redhat
redhat
(RHSA-2024:5363) Important: kernel security update
2024-08-14 00:03:33
(RHSA-2024:5422) Important: OpenShift Container Platform 4.16.8 bug fix and security update
2024-08-20 15:08:36
rocky
rocky
kernel security update
2024-08-21 14:53:21
openvas
openvas
Ubuntu: Security Advisory (USN-7003-3)
2024-09-16 00:00:00
Ubuntu: Security Advisory (USN-7003-1)
2024-09-12 00:00:00
Ubuntu: Security Advisory (USN-7003-2)
2024-09-12 00:00:00

EPSS

0

Percentile

5.0%

JSON
Related for CVELIST:CVE-2024-40961
cbl_mariner1ubuntucve1osv19vulnrichment1cve1nvd1debiancve1redhatcve1nessus26oraclelinux4redhat2rocky1openvas15