CVE-2024-26723

2024-04-0300:00:00

ubuntu.com

linux kernel

vulnerability

lan966x interface

crash

lag interface

port

null pointer

fix

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:
lan966x: Fix crash when adding interface under a lag There is a crash when
adding one of the lan966x interfaces under a lag interface. The issue can
be reproduced like this: ip link add name bond0 type bond miimon 100 mode
balance-xor ip link set dev eth0 master bond0 The reason is because when
adding a interface under the lag it would go through all the ports and try
to figure out which other ports are under that lag interface. And the issue
is that lan966x can have ports that are NULL pointer as they are not
probed. So then iterating over these ports it would just crash as they are
NULL pointers. The fix consists in actually checking for NULL pointers
before accessing something from the ports. Like we do in other places.

OSVersionArchitecturePackageVersionFilename
ubuntu23.10noarchlinux< anyUNKNOWN
ubuntu23.10noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws-6.5< anyUNKNOWN
ubuntu23.10noarchlinux-azure< anyUNKNOWN
ubuntu22.04noarchlinux-azure-6.5< anyUNKNOWN
ubuntu23.10noarchlinux-gcp< anyUNKNOWN
ubuntu22.04noarchlinux-gcp-6.5< anyUNKNOWN
ubuntu22.04noarchlinux-hwe-6.5< anyUNKNOWN
ubuntu23.10noarchlinux-laptop< anyUNKNOWN
ubuntu23.10noarchlinux-lowlatency< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	23.10	noarch	linux	< any	UNKNOWN
ubuntu	23.10	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< any	UNKNOWN
ubuntu	23.10	noarch	linux-azure	< any	UNKNOWN
ubuntu	22.04	noarch	linux-azure-6.5	< any	UNKNOWN
ubuntu	23.10	noarch	linux-gcp	< any	UNKNOWN
ubuntu	22.04	noarch	linux-gcp-6.5	< any	UNKNOWN
ubuntu	22.04	noarch	linux-hwe-6.5	< any	UNKNOWN
ubuntu	23.10	noarch	linux-laptop	< any	UNKNOWN
ubuntu	23.10	noarch	linux-lowlatency	< any	UNKNOWN