CVE-2024-43836

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 17, 2024
Updated: Aug 19, 2024
CWE ID 476

Summary

CVE-2024-43836 is a vulnerability affecting the Linux kernel. This issue involves a potential null dereference in the net: ethtool: pse-pd component. The problem arises when a PSE supports both c33 and PoDL extensions, but only one of the netlink attributes is specified during configuration. Although the c33 or PoDL PSE capabilities are already validated, a null dereference may still occur under specific conditions. This vulnerability has been addressed in recent Linux kernel updates.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share