CVE-2024-35857

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-35857
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35857.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-35857
Published
2024-05-17T15:15:23Z
Modified
2025-08-09T19:01:27Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

icmp: prevent possible NULL dereferences from icmp_build_probe()

First problem is a double call to __in_dev_get_rcu(), because the second one could return NULL.

if (__in_dev_get_rcu(dev) && __in_dev_get_rcu(dev)->ifa_list)

Second problem is a read from dev->ip6_ptr with no NULL check:

if (!list_empty(&rcu_dereference(dev->ip6_ptr)->addr_list))

Use the correct RCU API to fix these.

v2: add missing include <net/addrconf.h>

References

Affected packages