PT-2024-29173 · Linux+8 · Linux Kernel+8

Jianguo Wu

·

Published

2024-06-13

·

Updated

2025-09-29

·

CVE-2024-40957

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the Linux kernel's seg6 module, where the input action end dx4() and input action end dx6() functions are called with NF HOOK() for the PREROUTING hook. In this hook, a valid indev and a NULL outdev should be passed to NF HOOK(). However, if a NULL indev is passed, it may trigger a NULL pointer dereference. This can occur when input action end dx4() passes a NULL indev to NF HOOK(), which can then trigger a NULL dereference in rpfilter mt()->rpfilter is loopback(). The rpfilter is loopback() function checks if a packet is a loopback packet or if the input device has the IFF LOOPBACK flag set.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2024:5928
ALSA-2025_16880
ALT-PU-2024-13979
ALT-PU-2024-14046
BDU:2025-01854
CVE-2024-40957
DLA-4008-1
DSA-5731-1
INFSA-2024_5928
OESA-2024-1897
RHSA-2024:5928
RHSA-2024_5928
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3383-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-6999-1
USN-6999-2
USN-7004-1
USN-7005-1
USN-7005-2
USN-7007-1
USN-7007-2
USN-7007-3
USN-7008-1
USN-7009-1
USN-7009-2
USN-7019-1
USN-7029-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu