ghsa-64qj-9hxc-x9rc
Vulnerability from github
Published
2024-09-13 06:30
Modified
2024-09-13 18:31
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

gtp: fix a potential NULL pointer dereference

When sockfd_lookup() fails, gtp_encap_enable_socket() returns a NULL pointer, but its callers only check for error pointers thus miss the NULL pointer case.

Fix it by returning an error pointer with the error code carried from sockfd_lookup().

(I found this bug during code inspection.)

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-46677"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-13T06:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix a potential NULL pointer dereference\n\nWhen sockfd_lookup() fails, gtp_encap_enable_socket() returns a\nNULL pointer, but its callers only check for error pointers thus miss\nthe NULL pointer case.\n\nFix it by returning an error pointer with the error code carried from\nsockfd_lookup().\n\n(I found this bug during code inspection.)",
  "id": "GHSA-64qj-9hxc-x9rc",
  "modified": "2024-09-13T18:31:46Z",
  "published": "2024-09-13T06:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46677"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/28c67f0f84f889fe9f4cbda8354132b20dc9212d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4643b91691e969b1b9ad54bf552d7a990cfa3b87"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/612edd35f2a3910ab1f61c1f2338889d4ba99fa2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/620fe9809752fae91b4190e897b81ed9976dfb39"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8bbb9e4e0e66a39282e582d0440724055404b38c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e8b9930b0eb045d19e883c65ff9676fc89320c70"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.