CVE-2024-43836

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 17, 2024

Updated: Aug 19, 2024

CWE ID 476

Summary

CVE-2024-43836 is a vulnerability affecting the Linux kernel. This issue involves a potential null dereference in the net: ethtool: pse-pd component. The problem arises when a PSE supports both c33 and PoDL extensions, but only one of the netlink attributes is specified during configuration. Although the c33 or PoDL PSE capabilities are already validated, a null dereference may still occur under specific conditions. This vulnerability has been addressed in recent Linux kernel updates.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Linux Kernel

Affected Vendors

LINUX

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/x1aCo7
https://www.cve.org/CVERecord?id=CVE-2024-43836
https://nvd.nist.gov/vuln/detail/CVE-2024-43836

Back to Vulnerability Database