CVE-2024-35857

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-35857

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35857.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-35857

Downstream

BELL-CVE-2024-35857

RHSA-2024:4533

RHSA-2024:4554

RHSA-2024:4928

SUSE-SU-2024:2372-1

SUSE-SU-2024:2394-1

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2973-1

UBUNTU-CVE-2024-35857

USN-6898-1

USN-6898-2

USN-6898-3

USN-6898-4

USN-6917-1

USN-6919-1

USN-6927-1

USN-6949-1

USN-6949-2

USN-6952-1

USN-6952-2

USN-6955-1

USN-7019-1

Related

Published

2024-05-17T15:15:23Z

Modified

2025-08-09T19:01:27Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

icmp: prevent possible NULL dereferences from icmpbuildprobe()

First problem is a double call to _indevgetrcu(), because the second one could return NULL.

if (_indevgetrcu(dev) && _indevgetrcu(dev)->ifa_list)

Second problem is a read from dev->ip6_ptr with no NULL check:

if (!listempty(&rcudereference(dev->ip6ptr)->addrlist))

Use the correct RCU API to fix these.

v2: add missing include <net/addrconf.h>

References

CVE-2024-35857

Affected packages