CVE-2024-26855

net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()

Description

In the Linux kernel, the following vulnerability has been resolved: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() The function ice_bridge_setlink() may encounter a NULL pointer dereference if nlmsg_find_attr() returns NULL and br_spec is dereferenced subsequently in nla_for_each_nested(). To address this issue, add a check to ensure that br_spec is not NULL before proceeding with the nested attribute iteration.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/d9fefc51133107e59d192d773be86c1150cfeebb patch
https://git.kernel.org/stable/c/37fe99016b12d32100ce670216816dba6c48b309 patch
https://git.kernel.org/stable/c/8d95465d9a424200485792858c5b3be54658ce19 patch
https://git.kernel.org/stable/c/afdd29726a6de4ba27cd15590661424c888dc596 patch
https://git.kernel.org/stable/c/1a770927dc1d642b22417c3e668c871689fc58b3 patch
https://git.kernel.org/stable/c/0e296067ae0d74a10b4933601f9aa9f0ec8f157f patch
https://git.kernel.org/stable/c/06e456a05d669ca30b224b8ed962421770c1496c patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html mailing list

Frequently Asked Questions

What is the severity of CVE-2024-26855?
CVE-2024-26855 has been scored as a medium severity vulnerability.
How to fix CVE-2024-26855?
To fix CVE-2024-26855, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-26855 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-26855 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-26855?
CVE-2024-26855 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.