CVE-2024-27025: nbd: null check for nla_nest_start
In the Linux kernel, the following vulnerability has been resolved:
nbd: null check for nla_nest_start
nla_nest_start() may fail and return NULL. Insert a check and set errno based on other call sites within the same source code.
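The check described above, as an added userspace illustration (not the kernel patch and not code from this page). struct reply, the model_* helpers and fill_device_list() are hypothetical stand-ins for the reply buffer and the netlink helpers, and -EMSGSIZE is an assumed error value, since the page only says errno follows other call sites.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Same layout as the kernel's struct nlattr: 16-bit length, 16-bit type. */
struct nlattr { uint16_t nla_len, nla_type; };
/* Hypothetical stand-in for the reply buffer: a fixed number of attribute slots. */
struct reply { struct nlattr slot[8]; size_t used, cap; };

/* Models nla_nest_start(): NULL when the reply has no room for the header. */
static struct nlattr *model_nest_start(struct reply *r, uint16_t type)
{
    if (r->used >= r->cap || r->used >= 8)
        return NULL;
    struct nlattr *nla = &r->slot[r->used++];
    nla->nla_type = type;
    nla->nla_len = 0;
    return nla;
}

/* Models nla_nest_end(): writes through 'start', so a NULL here would fault. */
static void model_nest_end(struct reply *r, struct nlattr *start)
{
    start->nla_len = (uint16_t)((&r->slot[r->used] - start) * sizeof(*start));
}

/* Checked caller: 0 plus the nest length on success, -EMSGSIZE (assumed) if full. */
int fill_device_list(size_t cap, uint16_t *nest_len)
{
    struct reply r = { .used = 0, .cap = cap };
    struct nlattr *list = model_nest_start(&r, 1);  /* constructed type id */
    if (!list)                          /* the NULL check the fix inserts */
        return -EMSGSIZE;
    if (!model_nest_start(&r, 2)) {     /* one child item inside the list */
        r.used = (size_t)(list - r.slot);   /* roll back the half-built nest */
        return -EMSGSIZE;
    }
    model_nest_end(&r, list);
    *nest_len = list->nla_len;
    return 0;
}

int main(void)
{
    uint16_t len = 0;
    int full = fill_device_list(0, &len);
    int ok = fill_device_list(2, &len);
    printf("cap=0 -> %d, cap=2 -> %d (nest_len=%u)\n", full, ok, (unsigned)len);
    return 0;
}
```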
Other sources
In the Linux kernel, the following vulnerability has been resolved:
nbd: null check for nla_nest_start
The Linux kernel CVE team has assigned CVE-2024-27025 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050107-CVE-2024-27025-babd@gregkh/T
— Red Hat
Frequently Asked Questions
What is the severity of CVE-2024-27025?
CVE-2024-27025 is classified as a medium severity vulnerability.
How do I fix CVE-2024-27025?
To fix CVE-2024-27025, update your Linux kernel to version 5.4.273 or later, 5.10.214 or later, 5.15.153 or later, 6.1.83 or later, 6.6.23 or later, 6.7.11 or later, 6.8.2 or later, or 6.9.
Which versions of the Linux kernel are affected by CVE-2024-27025?
CVE-2024-27025 affects versions of the Linux kernel prior to 5.4.273, 5.10.214, 5.15.153, 6.1.83, 6.6.23, 6.7.11, 6.8.2, and 6.9.
What type of vulnerability is CVE-2024-27025?
CVE-2024-27025 is a code execution vulnerability due to a null check failure in the nbd subsystem of the Linux kernel.
Is there a workaround for CVE-2024-27025?
There is no official workaround for CVE-2024-27025; the best course of action is to apply the necessary kernel updates.