CVE-2024-39504

MEDIUM

Linux Kernel 6.2-6.6.34, 6.7-6.9.5 - NULL Pointer Dereference in nft_inner Expression Validation

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: validate mandatory meta and payload Check for mandatory netlink attributes in payload and meta expression when used embedded from the inner expression, otherwise NULL pointer dereference is possible from userspace.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/b30669fdea0ca03aa22995e6c99f7e7d9dee89ff

Patch

https://git.kernel.org/stable/c/39323f54cad29602917848346c71b087da92a19d

Patch

https://git.kernel.org/stable/c/c4ab9da85b9df3692f861512fe6c9812f38b7471

Scores

CVSS v3 5.5

EPSS 0.0027

EPSS Percentile 18.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (12)

linux/Kernel 6.2.0 - 6.6.35linux

linux/Kernel 6.7.0 - 6.9.6linux

Linux/Linux < 6.2

Linux/Linux 3a07327d10a09379315c844c63f27941f5081e0a - 39323f54cad29602917848346c71b087da92a19d

Linux/Linux 3a07327d10a09379315c844c63f27941f5081e0a - b30669fdea0ca03aa22995e6c99f7e7d9dee89ff

Linux/Linux 3a07327d10a09379315c844c63f27941f5081e0a - c4ab9da85b9df3692f861512fe6c9812f38b7471

Linux/Linux 6.10

Linux/Linux 6.2

Linux/Linux 6.6.35 - 6.6.*

Linux/Linux 6.9.6 - 6.9.*

... and 2 more

Published Jul 12, 2024

Tracked Since Feb 18, 2026