CVE-2024-46677

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Sep 13, 2024
CWE ID 476

Summary

CVE-2024-46677 is a vulnerability in the Linux kernel related to a NULL pointer dereference in the gtp_encap_enable_socket() function, which occurs when sockfd_lookup() fails. Affected products include various distributions of the Linux kernel that utilize this function. The vulnerability has a medium severity rating (base score of 5.5), and it could lead to high availability impact, though it requires low privileges and no user interaction to exploit. To remediate this issue, users should apply the patches available from the Linux kernel repository links provided. If left unaddressed, this vulnerability may allow local attackers to disrupt system availability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share