CVE-2024-46677 (GCVE-0-2024-46677)

Vulnerability from cvelistv5 – Published: 2024-09-13 05:29 – Updated: 2025-11-03 22:16
VLAI?
Summary
In the Linux kernel, the following vulnerability has been resolved: gtp: fix a potential NULL pointer dereference When sockfd_lookup() fails, gtp_encap_enable_socket() returns a NULL pointer, but its callers only check for error pointers thus miss the NULL pointer case. Fix it by returning an error pointer with the error code carried from sockfd_lookup(). (I found this bug during code inspection.)
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9 , < 620fe9809752fae91b4190e897b81ed9976dfb39 (git)
Affected: 1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9 , < bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8e (git)
Affected: 1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9 , < 8bbb9e4e0e66a39282e582d0440724055404b38c (git)
Affected: 1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9 , < 4643b91691e969b1b9ad54bf552d7a990cfa3b87 (git)
Affected: 1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9 , < e8b9930b0eb045d19e883c65ff9676fc89320c70 (git)
Affected: 1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9 , < 28c67f0f84f889fe9f4cbda8354132b20dc9212d (git)
Affected: 1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9 , < 612edd35f2a3910ab1f61c1f2338889d4ba99fa2 (git)
Affected: 1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9 , < defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda (git)
Create a notification for this product.
    Linux Linux Affected: 4.12
Unaffected: 0 , < 4.12 (semver)
Unaffected: 4.19.321 , ≤ 4.19.* (semver)
Unaffected: 5.4.283 , ≤ 5.4.* (semver)
Unaffected: 5.10.225 , ≤ 5.10.* (semver)
Unaffected: 5.15.166 , ≤ 5.15.* (semver)
Unaffected: 6.1.108 , ≤ 6.1.* (semver)
Unaffected: 6.6.49 , ≤ 6.6.* (semver)
Unaffected: 6.10.8 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46677",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T15:12:57.670993Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T15:13:12.743Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:16:17.032Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/gtp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "620fe9809752fae91b4190e897b81ed9976dfb39",
              "status": "affected",
              "version": "1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9",
              "versionType": "git"
            },
            {
              "lessThan": "bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8e",
              "status": "affected",
              "version": "1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9",
              "versionType": "git"
            },
            {
              "lessThan": "8bbb9e4e0e66a39282e582d0440724055404b38c",
              "status": "affected",
              "version": "1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9",
              "versionType": "git"
            },
            {
              "lessThan": "4643b91691e969b1b9ad54bf552d7a990cfa3b87",
              "status": "affected",
              "version": "1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9",
              "versionType": "git"
            },
            {
              "lessThan": "e8b9930b0eb045d19e883c65ff9676fc89320c70",
              "status": "affected",
              "version": "1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9",
              "versionType": "git"
            },
            {
              "lessThan": "28c67f0f84f889fe9f4cbda8354132b20dc9212d",
              "status": "affected",
              "version": "1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9",
              "versionType": "git"
            },
            {
              "lessThan": "612edd35f2a3910ab1f61c1f2338889d4ba99fa2",
              "status": "affected",
              "version": "1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9",
              "versionType": "git"
            },
            {
              "lessThan": "defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda",
              "status": "affected",
              "version": "1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/gtp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.12"
            },
            {
              "lessThan": "4.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.321",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.108",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.49",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.321",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.283",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.225",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.166",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.108",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.49",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.8",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix a potential NULL pointer dereference\n\nWhen sockfd_lookup() fails, gtp_encap_enable_socket() returns a\nNULL pointer, but its callers only check for error pointers thus miss\nthe NULL pointer case.\n\nFix it by returning an error pointer with the error code carried from\nsockfd_lookup().\n\n(I found this bug during code inspection.)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:31:41.420Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/620fe9809752fae91b4190e897b81ed9976dfb39"
        },
        {
          "url": "https://git.kernel.org/stable/c/bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8e"
        },
        {
          "url": "https://git.kernel.org/stable/c/8bbb9e4e0e66a39282e582d0440724055404b38c"
        },
        {
          "url": "https://git.kernel.org/stable/c/4643b91691e969b1b9ad54bf552d7a990cfa3b87"
        },
        {
          "url": "https://git.kernel.org/stable/c/e8b9930b0eb045d19e883c65ff9676fc89320c70"
        },
        {
          "url": "https://git.kernel.org/stable/c/28c67f0f84f889fe9f4cbda8354132b20dc9212d"
        },
        {
          "url": "https://git.kernel.org/stable/c/612edd35f2a3910ab1f61c1f2338889d4ba99fa2"
        },
        {
          "url": "https://git.kernel.org/stable/c/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda"
        }
      ],
      "title": "gtp: fix a potential NULL pointer dereference",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46677",
    "datePublished": "2024-09-13T05:29:12.203Z",
    "dateReserved": "2024-09-11T15:12:18.247Z",
    "dateUpdated": "2025-11-03T22:16:17.032Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.12\", \"versionEndExcluding\": \"4.19.321\", \"matchCriteriaId\": \"9DD099A5-3532-49AC-9A2B-2605DC38CC1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.20\", \"versionEndExcluding\": \"5.4.283\", \"matchCriteriaId\": \"8E6B390A-0CE6-44FC-8CD5-BE8226D6D24C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.5\", \"versionEndExcluding\": \"5.10.225\", \"matchCriteriaId\": \"C57B46A9-B105-4792-8481-1870DEFB436A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.11\", \"versionEndExcluding\": \"5.15.166\", \"matchCriteriaId\": \"913ED6CD-8ACF-48AF-AA18-7880881DD402\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.16\", \"versionEndExcluding\": \"6.1.108\", \"matchCriteriaId\": \"9B5BE381-F079-43D9-AEF2-931856B13219\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.2\", \"versionEndExcluding\": \"6.6.49\", \"matchCriteriaId\": \"1191B7F1-F275-45F5-9E82-A012FF517BFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.7\", \"versionEndExcluding\": \"6.10.8\", \"matchCriteriaId\": \"1B5D46C3-56A4-4380-9309-27BF73DF29A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B3CE743-2126-47A3-8B7C-822B502CF119\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DEB27E7-30AA-45CC-8934-B89263EF3551\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0005AEF-856E-47EB-BFE4-90C46899394D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"39889A68-6D34-47A6-82FC-CD0BF23D6754\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8383ABF-1457-401F-9B61-EE50F4C61F4F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\ngtp: fix a potential NULL pointer dereference\\n\\nWhen sockfd_lookup() fails, gtp_encap_enable_socket() returns a\\nNULL pointer, but its callers only check for error pointers thus miss\\nthe NULL pointer case.\\n\\nFix it by returning an error pointer with the error code carried from\\nsockfd_lookup().\\n\\n(I found this bug during code inspection.)\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gtp: se corrige una posible desreferencia de puntero NULL Cuando sockfd_lookup() falla, gtp_encap_enable_socket() devuelve un puntero NULL, pero sus invocadores solo comprueban los punteros de error, por lo que pasan por alto el caso del puntero NULL. Arr\\u00e9glelo devolviendo un puntero de error con el c\\u00f3digo de error que lleva sockfd_lookup(). (Encontr\\u00e9 este error durante la inspecci\\u00f3n del c\\u00f3digo).\"}]",
      "id": "CVE-2024-46677",
      "lastModified": "2024-09-13T16:51:53.690",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
      "published": "2024-09-13T06:15:12.360",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/28c67f0f84f889fe9f4cbda8354132b20dc9212d\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/4643b91691e969b1b9ad54bf552d7a990cfa3b87\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/612edd35f2a3910ab1f61c1f2338889d4ba99fa2\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/620fe9809752fae91b4190e897b81ed9976dfb39\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/8bbb9e4e0e66a39282e582d0440724055404b38c\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8e\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/e8b9930b0eb045d19e883c65ff9676fc89320c70\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-46677\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-09-13T06:15:12.360\",\"lastModified\":\"2025-11-03T23:15:53.103\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ngtp: fix a potential NULL pointer dereference\\n\\nWhen sockfd_lookup() fails, gtp_encap_enable_socket() returns a\\nNULL pointer, but its callers only check for error pointers thus miss\\nthe NULL pointer case.\\n\\nFix it by returning an error pointer with the error code carried from\\nsockfd_lookup().\\n\\n(I found this bug during code inspection.)\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gtp: se corrige una posible desreferencia de puntero NULL Cuando sockfd_lookup() falla, gtp_encap_enable_socket() devuelve un puntero NULL, pero sus invocadores solo comprueban los punteros de error, por lo que pasan por alto el caso del puntero NULL. Arr\u00e9glelo devolviendo un puntero de error con el c\u00f3digo de error que lleva sockfd_lookup(). (Encontr\u00e9 este error durante la inspecci\u00f3n del c\u00f3digo).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.12\",\"versionEndExcluding\":\"4.19.321\",\"matchCriteriaId\":\"9DD099A5-3532-49AC-9A2B-2605DC38CC1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.283\",\"matchCriteriaId\":\"8E6B390A-0CE6-44FC-8CD5-BE8226D6D24C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.225\",\"matchCriteriaId\":\"C57B46A9-B105-4792-8481-1870DEFB436A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.166\",\"matchCriteriaId\":\"913ED6CD-8ACF-48AF-AA18-7880881DD402\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.108\",\"matchCriteriaId\":\"9B5BE381-F079-43D9-AEF2-931856B13219\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.49\",\"matchCriteriaId\":\"1191B7F1-F275-45F5-9E82-A012FF517BFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.10.8\",\"matchCriteriaId\":\"1B5D46C3-56A4-4380-9309-27BF73DF29A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B3CE743-2126-47A3-8B7C-822B502CF119\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DEB27E7-30AA-45CC-8934-B89263EF3551\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0005AEF-856E-47EB-BFE4-90C46899394D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"39889A68-6D34-47A6-82FC-CD0BF23D6754\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8383ABF-1457-401F-9B61-EE50F4C61F4F\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/28c67f0f84f889fe9f4cbda8354132b20dc9212d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/4643b91691e969b1b9ad54bf552d7a990cfa3b87\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/612edd35f2a3910ab1f61c1f2338889d4ba99fa2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/620fe9809752fae91b4190e897b81ed9976dfb39\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8bbb9e4e0e66a39282e582d0440724055404b38c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e8b9930b0eb045d19e883c65ff9676fc89320c70\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T22:16:17.032Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-46677\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-29T15:12:57.670993Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-29T15:13:02.018Z\"}}], \"cna\": {\"title\": \"gtp: fix a potential NULL pointer dereference\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9\", \"lessThan\": \"620fe9809752fae91b4190e897b81ed9976dfb39\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9\", \"lessThan\": \"bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8e\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9\", \"lessThan\": \"8bbb9e4e0e66a39282e582d0440724055404b38c\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9\", \"lessThan\": \"4643b91691e969b1b9ad54bf552d7a990cfa3b87\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9\", \"lessThan\": \"e8b9930b0eb045d19e883c65ff9676fc89320c70\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9\", \"lessThan\": \"28c67f0f84f889fe9f4cbda8354132b20dc9212d\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9\", \"lessThan\": \"612edd35f2a3910ab1f61c1f2338889d4ba99fa2\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9\", \"lessThan\": \"defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/net/gtp.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.12\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"4.12\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.19.321\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.283\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.225\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.166\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.108\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.49\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.10.8\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.10.*\"}, {\"status\": \"unaffected\", \"version\": \"6.11\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/net/gtp.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/620fe9809752fae91b4190e897b81ed9976dfb39\"}, {\"url\": \"https://git.kernel.org/stable/c/bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8e\"}, {\"url\": \"https://git.kernel.org/stable/c/8bbb9e4e0e66a39282e582d0440724055404b38c\"}, {\"url\": \"https://git.kernel.org/stable/c/4643b91691e969b1b9ad54bf552d7a990cfa3b87\"}, {\"url\": \"https://git.kernel.org/stable/c/e8b9930b0eb045d19e883c65ff9676fc89320c70\"}, {\"url\": \"https://git.kernel.org/stable/c/28c67f0f84f889fe9f4cbda8354132b20dc9212d\"}, {\"url\": \"https://git.kernel.org/stable/c/612edd35f2a3910ab1f61c1f2338889d4ba99fa2\"}, {\"url\": \"https://git.kernel.org/stable/c/defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\ngtp: fix a potential NULL pointer dereference\\n\\nWhen sockfd_lookup() fails, gtp_encap_enable_socket() returns a\\nNULL pointer, but its callers only check for error pointers thus miss\\nthe NULL pointer case.\\n\\nFix it by returning an error pointer with the error code carried from\\nsockfd_lookup().\\n\\n(I found this bug during code inspection.)\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.321\", \"versionStartIncluding\": \"4.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.283\", \"versionStartIncluding\": \"4.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.225\", \"versionStartIncluding\": \"4.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.166\", \"versionStartIncluding\": \"4.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.108\", \"versionStartIncluding\": \"4.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.49\", \"versionStartIncluding\": \"4.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.10.8\", \"versionStartIncluding\": \"4.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.11\", \"versionStartIncluding\": \"4.12\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T09:31:41.420Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-46677\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T22:16:17.032Z\", \"dateReserved\": \"2024-09-11T15:12:18.247Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-09-13T05:29:12.203Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.