CVE-2024-27025

Advisory lineage Upstream: 0 Downstream: 19
Modified
Published: 01 May 2024, 12:49
Last modified: 12 May 2026, 11:51

Vulnerability Summary

Overall Risk (default): low, 22/100
CVSS Score: 5.5 MEDIUM, v3.1 (nvd)
EPSS Score: <0.01% LOW
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

  • 01 May 2024, 12:49: Published. Vulnerability first disclosed.

  • 12 May 2026, 11:51: Last Modified. Vulnerability information updated.

Description

In the Linux kernel, the following vulnerability has been resolved:

nbd: null check for nla_nest_start

nla_nest_start() may fail and return NULL. Insert a check and set errno based on other call sites within the same source code.

CVSS Metrics

  • v3.1, MEDIUM, Score: 5.5, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.01% Percentile: 1%

Techniques & Countermeasures

  • CWE-476: NULL Pointer Dereference

    The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

  • debian: debian_linux

    10.0

  • linux: linux

    ≥ 47d902b90a32a42a3d33aef3a02170fc6f70aa23, < 44214d744be32a4769faebba764510888f1eb19e | ≥ 47d902b90a32a42a3d33aef3a02170fc6f70aa23, < 4af837db0fd3679fabc7b7758397090b0c06dced | ≥ 47d902b90a32a42a3d33aef3a02170fc6f70aa23, < 98e60b538e66c90b9a856828c71d4e975ebfa797 | ≥ 47d902b90a32a42a3d33aef3a02170fc6f70aa23, < 96436365e5d80d0106ea785a4f80a58e7c9edff8 | ≥ 47d902b90a32a42a3d33aef3a02170fc6f70aa23, < b7f5aed55829f376e4f7e5ea5b80ccdcb023e983 | ≥ 47d902b90a32a42a3d33aef3a02170fc6f70aa23, < e803040b368d046434fbc8a91945c690332c4fcf | ≥ 47d902b90a32a42a3d33aef3a02170fc6f70aa23, < ba6a9970ce9e284cbc04099361c58731e308596a | ≥ 47d902b90a32a42a3d33aef3a02170fc6f70aa23, < 31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d | 4.12

  • linux: linux_kernel

    ≥ 4.12, < 5.4.273 | ≥ 5.5, < 5.10.214 | ≥ 5.11, < 5.15.153 | ≥ 5.16, < 6.1.83 | ≥ 6.2, < 6.6.23 | ≥ 6.7, < 6.7.11 | ≥ 6.8, < 6.8.2
