SB2025011789 - NULL pointer dereference in Linux kernel netfilter ipvs
Published: January 17, 2025 Updated: May 11, 2025
Security Bulletin ID
SB2025011789
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2024-53680)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ip_vs_protocol_net_cleanup() and ip_vs_protocol_init() functions in net/netfilter/ipvs/ip_vs_proto.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0b2cbed82b7c6504a8a0fbd181f92dd56b432c12
- https://git.kernel.org/stable/c/124834133b32f9386bb2d8581d9ab92f65e951e4
- https://git.kernel.org/stable/c/146b6f1112eb30a19776d6c323c994e9d67790db
- https://git.kernel.org/stable/c/31d1ddc1ce8e8d3f101a679243abb42a313ee88a
- https://git.kernel.org/stable/c/48130002e64fd191b7d18efeb4d253fcc23e4688
- https://git.kernel.org/stable/c/664d0feab92495b6a27edc3d1119e232c0fe8b2b
- https://git.kernel.org/stable/c/d6e1776f51c95827142f1d7064118e255e2deec1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.174