Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2024-26723
HistoryApr 03, 2024 - 3:15 p.m.

CVE-2024-26723

2024-04-0315:15:54
CWE-400
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
6
linux kernel
vulnerability
crash
lan966x interface
lag interface

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0

Percentile

15.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:

lan966x: Fix crash when adding interface under a lag

There is a crash when adding one of the lan966x interfaces under a lag
interface. The issue can be reproduced like this:
ip link add name bond0 type bond miimon 100 mode balance-xor
ip link set dev eth0 master bond0

The reason is because when adding a interface under the lag it would go
through all the ports and try to figure out which other ports are under
that lag interface. And the issue is that lan966x can have ports that are
NULL pointer as they are not probed. So then iterating over these ports
it would just crash as they are NULL pointers.
The fix consists in actually checking for NULL pointers before accessing
something from the ports. Like we do in other places.

Related

vulnrichment 1
redhatcve 1
cvelist 1
ubuntucve 1
debiancve 1
cve 1
osv 5
ubuntu 5
nessus 6
openvas 5
debian 1
vulnrichment
vulnrichment
CVE-2024-26723 lan966x: Fix crash when adding interface under a lag
2024-04-03 14:55:22
redhatcve
redhatcve
CVE-2024-26723
2024-04-03 23:45:27
cvelist
cvelist
CVE-2024-26723 lan966x: Fix crash when adding interface under a lag
2024-04-03 14:55:22
ubuntucve
ubuntucve
CVE-2024-26723
2024-04-03 00:00:00
debiancve
debiancve
CVE-2024-26723
2024-04-03 15:15:54
cve
cve
CVE-2024-26723
2024-04-03 15:15:54
osv
osv
linux-aws-6.5, linux-lowlatency-hwe-6.5, linux-oracle-6.5, linux-starfive-6.5 vulnerabilities
2024-07-19 09:04:56
linux-azure-6.5, linux-gcp-6.5 vulnerabilities
2024-07-16 10:12:28
linux, linux-gcp, linux-nvidia-6.5, linux-raspi vulnerabilities
2024-07-12 10:02:16
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-08-02 00:00:00
Linux kernel vulnerabilities
2024-07-16 00:00:00
Linux kernel vulnerabilities
2024-07-19 00:00:00
nessus
nessus
Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6895-1)
2024-07-12 00:00:00
Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6895-4)
2024-08-02 00:00:00
Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6895-3)
2024-07-19 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6895-4)
2024-08-05 00:00:00
Ubuntu: Security Advisory (USN-6895-1)
2024-07-15 00:00:00
Ubuntu: Security Advisory (USN-6895-2)
2024-07-17 00:00:00
debian
debian
[SECURITY] [DSA 5658-1] linux security update
2024-04-13 06:38:27

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0

Percentile

15.5%

JSON
Related for NVD:CVE-2024-26723
vulnrichment1redhatcve1cvelist1ubuntucve1debiancve1cve1osv5ubuntu5nessus6openvas5debian1