SB2024091359 - NULL pointer dereference in Linux kernel net driver
Published: September 13, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024091359
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2024-46677)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gtp_encap_enable_socket() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/620fe9809752fae91b4190e897b81ed9976dfb39
- https://git.kernel.org/stable/c/bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8e
- https://git.kernel.org/stable/c/8bbb9e4e0e66a39282e582d0440724055404b38c
- https://git.kernel.org/stable/c/4643b91691e969b1b9ad54bf552d7a990cfa3b87
- https://git.kernel.org/stable/c/e8b9930b0eb045d19e883c65ff9676fc89320c70
- https://git.kernel.org/stable/c/28c67f0f84f889fe9f4cbda8354132b20dc9212d
- https://git.kernel.org/stable/c/612edd35f2a3910ab1f61c1f2338889d4ba99fa2
- https://git.kernel.org/stable/c/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.321
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.225
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.166
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.283
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.108
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.49