Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-26735

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix possible use-after-free and null-ptr-deref The pernet operations structure for the subsystem must be registered before registering the generic netlink family.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 5.5, requiring local system access to exploit with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts and availability (service disruption) for affected systems. Impacting 17 products from linux, from debian, from netapp and 14 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2024, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2024-04-03T17:15:51.147

Last Modified

2025-03-17T16:05:01.547

Status

Analyzed

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-416
CWE-476

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 4.19.308	Yes
Operating System	linux	linux_kernel	< 5.4.270	Yes
Operating System	linux	linux_kernel	< 5.10.211	Yes
Operating System	linux	linux_kernel	< 5.15.150	Yes
Operating System	linux	linux_kernel	< 6.1.80	Yes
Operating System	linux	linux_kernel	< 6.6.19	Yes
Operating System	linux	linux_kernel	< 6.7.7	Yes
Operating System	linux	linux_kernel	6.8	Yes
Operating System	linux	linux_kernel	6.8	Yes
Operating System	linux	linux_kernel	6.8	Yes
Operating System	linux	linux_kernel	6.8	Yes
Operating System	linux	linux_kernel	6.8	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	netapp	8300_firmware	-	Yes
Hardware	netapp	8300	*	No
Operating System	netapp	8700_firmware	-	Yes
Hardware	netapp	8700	*	No
Operating System	netapp	a400_firmware	-	Yes
Hardware	netapp	a400	*	No
Operating System	netapp	c400_firmware	-	Yes
Hardware	netapp	c400	*	No
Operating System	netapp	h610c_firmware	-	Yes
Hardware	netapp	h610c	*	No
Operating System	netapp	h610s_firmware	-	Yes
Hardware	netapp	h610s	*	No
Operating System	netapp	h615c_firmware	-	Yes
Hardware	netapp	h615c	*	No
Application	netapp	e-series_santricity_os_controller	≤ 11.70.2	Yes

References

https://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20241101-0012/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For linux's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.