CVE-2024-27025: nbd: null check for nla_nest_start
First published: Wed May 01 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nla_nest_start nla_nest_start() may fail and return NULL. Insert a check and set errno based on other call sites within the same source code.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <5.4.273 | 5.4.273 |
| redhat/kernel | <5.10.214 | 5.10.214 |
| redhat/kernel | <5.15.153 | 5.15.153 |
| redhat/kernel | <6.1.83 | 6.1.83 |
| redhat/kernel | <6.6.23 | 6.6.23 |
| redhat/kernel | <6.7.11 | 6.7.11 |
| redhat/kernel | <6.8.2 | 6.8.2 |
| redhat/kernel | <6.9 | 6.9 |
| Linux kernel | >=4.12<5.4.273 | |
| Linux kernel | >=5.5<5.10.214 | |
| Linux kernel | >=5.11<5.15.153 | |
| Linux kernel | >=5.16<6.1.83 | |
| Linux kernel | >=6.2<6.6.23 | |
| Linux kernel | >=6.7<6.7.11 | |
| Linux kernel | >=6.8<6.8.2 | |
| Debian | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2024-27025
- https://lore.kernel.org/linux-cve-announce/2024050107-CVE-2024-27025-babd@gregkh/T
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2278485
- https://access.redhat.com/errata/RHSA-2024:5102
- https://access.redhat.com/errata/RHSA-2024:5101
- https://access.redhat.com/errata/RHSA-2024:9315
- https://bugzilla.redhat.com/show_bug.cgi?id=2278484
- https://git.kernel.org/stable/c/44214d744be32a4769faebba764510888f1eb19e
- https://git.kernel.org/stable/c/4af837db0fd3679fabc7b7758397090b0c06dced
- https://git.kernel.org/stable/c/98e60b538e66c90b9a856828c71d4e975ebfa797
- https://git.kernel.org/stable/c/96436365e5d80d0106ea785a4f80a58e7c9edff8
- https://git.kernel.org/stable/c/b7f5aed55829f376e4f7e5ea5b80ccdcb023e983
- https://git.kernel.org/stable/c/e803040b368d046434fbc8a91945c690332c4fcf
- https://git.kernel.org/stable/c/ba6a9970ce9e284cbc04099361c58731e308596a
- https://git.kernel.org/stable/c/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Frequently Asked Questions
What is the severity of CVE-2024-27025?
CVE-2024-27025 is classified as a medium severity vulnerability.
How do I fix CVE-2024-27025?
To fix CVE-2024-27025, update your Linux kernel to version 5.4.273 or later, 5.10.214 or later, 5.15.153 or later, 6.1.83 or later, 6.6.23 or later, 6.7.11 or later, 6.8.2 or later, or 6.9.
Which versions of the Linux kernel are affected by CVE-2024-27025?
CVE-2024-27025 affects versions of the Linux kernel prior to 5.4.273, 5.10.214, 5.15.153, 6.1.83, 6.6.23, 6.7.11, 6.8.2, and 6.9.
What type of vulnerability is CVE-2024-27025?
CVE-2024-27025 is a code execution vulnerability due to a null check failure in the nbd subsystem of the Linux kernel.
Is there a workaround for CVE-2024-27025?
There is no official workaround for CVE-2024-27025; the best course of action is to apply the necessary kernel updates.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-27025
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.12
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.8
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/10.0