CVE-2024-40961— ipv6: prevent possible NULL deref in fib6_nh_init()
Affected Version Matrix 16
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 428604fb118facce1309670779a35baf27ad044c< 3200ffeec4d59aad5bc9ca75d2c1fae47c0aeade | affected |
428604fb118facce1309670779a35baf27ad044c< de5ad4d45cd0128a2a37555f48ab69aa19d78adc | affected | ||
428604fb118facce1309670779a35baf27ad044c< 4cdfe813015d5a24586bd0a84fa0fa6eb0a1f668 | affected | ||
428604fb118facce1309670779a35baf27ad044c< 88b9a55e2e35ea846d41f4efdc29d23345bd1aa4 | affected | ||
428604fb118facce1309670779a35baf27ad044c< b6947723c9eabcab58cfb33cdb0a565a6aee6727 | affected | ||
428604fb118facce1309670779a35baf27ad044c< ae8d3d39efe366c2198f530e01e4bf07830bf403 | affected | ||
428604fb118facce1309670779a35baf27ad044c< 2eab4543a2204092c3a7af81d7d6c506e59a03a6 | affected | ||
4.17 | affected | ||
| … +8 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-40961
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ipv6: prevent possible NULL deref in fib6_nh_init()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL deref in fib6_nh_init() syzbot reminds us that in6_dev_get() can return NULL. fib6_nh_init() ip6_validate_gw( &idev ) ip6_route_check_nh( idev ) *idev = in6_dev_get(dev); // can be NULL Oops: general protection fault, probably for non-canonical address 0xdffffc00000000bc: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x00000000000005e0-0x00000000000005e7] CPU: 0 PID: 11237 Comm: syz-executor.3 Not tainted 6.10.0-rc2-syzkaller-00249-gbe27b8965297 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 RIP: 0010:fib6_nh_init+0x640/0x2160 net/ipv6/route.c:3606 Code: 00 00 fc ff df 4c 8b 64 24 58 48 8b 44 24 28 4c 8b 74 24 30 48 89 c1 48 89 44 24 28 48 8d 98 e0 05 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 b3 17 00 00 8b 1b 31 ff 89 de e8 b8 8b RSP: 0018:ffffc900032775a0 EFLAGS: 00010202 RAX: 00000000000000bc RBX: 00000000000005e0 RCX: 0000000000000000 RDX: 0000000000000010 RSI: ffffc90003277a54 RDI: ffff88802b3a08d8 RBP: ffffc900032778b0 R08: 00000000000002fc R09: 0000000000000000 R10: 00000000000002fc R11: 0000000000000000 R12: ffff88802b3a08b8 R13: 1ffff9200064eec8 R14: ffffc90003277a00 R15: dffffc0000000000 FS: 00007f940feb06c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000000245e8000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ip6_route_info_create+0x99e/0x12b0 net/ipv6/route.c:3809 ip6_route_add+0x28/0x160 net/ipv6/route.c:3853 ipv6_route_ioctl+0x588/0x870 net/ipv6/route.c:4483 inet6_ioctl+0x21a/0x280 net/ipv6/af_inet6.c:579 sock_do_ioctl+0x158/0x460 net/socket.c:1222 sock_ioctl+0x629/0x8e0 net/socket.c:1341 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f940f07cea9
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 存在安全漏洞,该漏洞源于 ipv6 组件的 fib6_nh_init 函数未能正确处理 in6_dev_get 函数返回 NULL 的情况。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2024-40961
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-40961
请登录查看更多情报信息。
Other References for CVE-2024-40961 (7)
Same Patch Batch · Linux · 2024-07-12 · 122 CVEs total
| CVE-2024-40959 | xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() | |
| CVE-2024-40975 | platform/x86: x86-android-tablets: Unregister devices in reverse order | |
| CVE-2024-40974 | powerpc/pseries: Enforce hcall result buffer validity and size | |
| CVE-2024-40973 | media: mtk-vcodec: potential null pointer deference in SCP | |
| CVE-2024-40972 | ext4: do not create EA inode under buffer lock | |
| CVE-2024-40970 | Avoid hw_desc array overrun in dw-axi-dmac | |
| CVE-2024-40971 | f2fs: remove clear SB_INLINECRYPT flag in default_options | |
| CVE-2024-40969 | f2fs: don't set RO when shutting down f2fs | |
| CVE-2024-40967 | serial: imx: Introduce timeout when waiting on transmitter empty | |
| CVE-2024-40968 | MIPS: Octeon: Add PCIe link status check | |
| CVE-2024-40966 | tty: add the option to have a tty reject a new ldisc | |
| CVE-2024-40965 | i2c: lpi2c: Avoid calling clk_get_rate during transfer | |
| CVE-2024-40964 | ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind() | |
| CVE-2024-40963 | mips: bmips: BCM6358: make sure CBR is correctly set | |
| CVE-2024-40962 | btrfs: zoned: allocate dummy checksums for zoned NODATASUM writes | |
| CVE-2024-40960 | ipv6: prevent possible NULL dereference in rt6_probe() | |
| CVE-2024-40950 | mm: huge_memory: fix misused mapping_large_folio_support() for anon folios | |
| CVE-2024-40949 | mm: shmem: fix getting incorrect lruvec when replacing a shmem folio | |
| CVE-2024-40947 | ima: Avoid blocking in RCU read-side critical section | |
| CVE-2024-40951 | ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger() |
Showing top 20 of 122 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-53277
KVM: arm64: Take the SRCU lock for page table walks in fault - CVE-2026-53276
Bluetooth: ISO: Fix a use-after-free of the hci_conn pointer - CVE-2026-53275
ipv6: mcast: Fix use-after-free when processing MLD queries - CVE-2026-53274
net/smc: fix sleep-inside-lock in __smc_setsockopt() causing - CVE-2026-53273
tee: optee: prevent use-after-free when the client exits bef
Same vendor: Linux
- CVE-2026-53277
KVM: arm64: Take the SRCU lock for page table walks in fault - CVE-2026-53276
Bluetooth: ISO: Fix a use-after-free of the hci_conn pointer - CVE-2026-53275
ipv6: mcast: Fix use-after-free when processing MLD queries - CVE-2026-53274
net/smc: fix sleep-inside-lock in __smc_setsockopt() causing - CVE-2026-53273
tee: optee: prevent use-after-free when the client exits bef
V. Comments for CVE-2024-40961
No comments yet