CVE-2024-39504

medium

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: validate mandatory meta and payload Check for mandatory netlink attributes in payload and meta expression when used embedded from the inner expression, otherwise NULL pointer dereference is possible from userspace.

References

https://git.kernel.org/stable/c/c4ab9da85b9df3692f861512fe6c9812f38b7471

https://git.kernel.org/stable/c/b30669fdea0ca03aa22995e6c99f7e7d9dee89ff

https://git.kernel.org/stable/c/39323f54cad29602917848346c71b087da92a19d

Details

Source: Mitre, NVD

Published: 2024-07-12

Updated: 2024-08-28

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium