{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-40961","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-07-12T12:17:45.594Z","datePublished":"2024-07-12T12:32:02.654Z","dateUpdated":"2025-11-03T21:58:27.367Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:18:51.755Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible NULL deref in fib6_nh_init()\n\nsyzbot reminds us that in6_dev_get() can return NULL.\n\nfib6_nh_init()\n ip6_validate_gw( &idev )\n ip6_route_check_nh( idev )\n *idev = in6_dev_get(dev); // can be NULL\n\nOops: general protection fault, probably for non-canonical address 0xdffffc00000000bc: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x00000000000005e0-0x00000000000005e7]\nCPU: 0 PID: 11237 Comm: syz-executor.3 Not tainted 6.10.0-rc2-syzkaller-00249-gbe27b8965297 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024\n RIP: 0010:fib6_nh_init+0x640/0x2160 net/ipv6/route.c:3606\nCode: 00 00 fc ff df 4c 8b 64 24 58 48 8b 44 24 28 4c 8b 74 24 30 48 89 c1 48 89 44 24 28 48 8d 98 e0 05 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 b3 17 00 00 8b 1b 31 ff 89 de e8 b8 8b\nRSP: 0018:ffffc900032775a0 EFLAGS: 00010202\nRAX: 00000000000000bc RBX: 00000000000005e0 RCX: 0000000000000000\nRDX: 0000000000000010 RSI: ffffc90003277a54 RDI: ffff88802b3a08d8\nRBP: ffffc900032778b0 R08: 00000000000002fc R09: 0000000000000000\nR10: 00000000000002fc R11: 0000000000000000 R12: ffff88802b3a08b8\nR13: 1ffff9200064eec8 R14: ffffc90003277a00 R15: dffffc0000000000\nFS: 00007f940feb06c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 00000000245e8000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n ip6_route_info_create+0x99e/0x12b0 net/ipv6/route.c:3809\n ip6_route_add+0x28/0x160 net/ipv6/route.c:3853\n ipv6_route_ioctl+0x588/0x870 net/ipv6/route.c:4483\n inet6_ioctl+0x21a/0x280 net/ipv6/af_inet6.c:579\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f940f07cea9"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/ipv6/route.c"],"versions":[{"version":"428604fb118facce1309670779a35baf27ad044c","lessThan":"3200ffeec4d59aad5bc9ca75d2c1fae47c0aeade","status":"affected","versionType":"git"},{"version":"428604fb118facce1309670779a35baf27ad044c","lessThan":"de5ad4d45cd0128a2a37555f48ab69aa19d78adc","status":"affected","versionType":"git"},{"version":"428604fb118facce1309670779a35baf27ad044c","lessThan":"4cdfe813015d5a24586bd0a84fa0fa6eb0a1f668","status":"affected","versionType":"git"},{"version":"428604fb118facce1309670779a35baf27ad044c","lessThan":"88b9a55e2e35ea846d41f4efdc29d23345bd1aa4","status":"affected","versionType":"git"},{"version":"428604fb118facce1309670779a35baf27ad044c","lessThan":"b6947723c9eabcab58cfb33cdb0a565a6aee6727","status":"affected","versionType":"git"},{"version":"428604fb118facce1309670779a35baf27ad044c","lessThan":"ae8d3d39efe366c2198f530e01e4bf07830bf403","status":"affected","versionType":"git"},{"version":"428604fb118facce1309670779a35baf27ad044c","lessThan":"2eab4543a2204092c3a7af81d7d6c506e59a03a6","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/ipv6/route.c"],"versions":[{"version":"4.17","status":"affected"},{"version":"0","lessThan":"4.17","status":"unaffected","versionType":"semver"},{"version":"5.4.279","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.221","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.162","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.96","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.36","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.9.7","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"5.4.279"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"5.10.221"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"5.15.162"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"6.1.96"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"6.6.36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"6.9.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17","versionEndExcluding":"6.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3200ffeec4d59aad5bc9ca75d2c1fae47c0aeade"},{"url":"https://git.kernel.org/stable/c/de5ad4d45cd0128a2a37555f48ab69aa19d78adc"},{"url":"https://git.kernel.org/stable/c/4cdfe813015d5a24586bd0a84fa0fa6eb0a1f668"},{"url":"https://git.kernel.org/stable/c/88b9a55e2e35ea846d41f4efdc29d23345bd1aa4"},{"url":"https://git.kernel.org/stable/c/b6947723c9eabcab58cfb33cdb0a565a6aee6727"},{"url":"https://git.kernel.org/stable/c/ae8d3d39efe366c2198f530e01e4bf07830bf403"},{"url":"https://git.kernel.org/stable/c/2eab4543a2204092c3a7af81d7d6c506e59a03a6"}],"title":"ipv6: prevent possible NULL deref in fib6_nh_init()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/3200ffeec4d59aad5bc9ca75d2c1fae47c0aeade","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/de5ad4d45cd0128a2a37555f48ab69aa19d78adc","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/4cdfe813015d5a24586bd0a84fa0fa6eb0a1f668","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/88b9a55e2e35ea846d41f4efdc29d23345bd1aa4","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/b6947723c9eabcab58cfb33cdb0a565a6aee6727","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ae8d3d39efe366c2198f530e01e4bf07830bf403","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/2eab4543a2204092c3a7af81d7d6c506e59a03a6","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:58:27.367Z"}},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-40961","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T17:03:26.191957Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:34:23.580Z"}}]}}