CVE-2024-40959

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.10.0-rc2-syzkaller-00383-gb8481381d4e2

Description A vulnerability has been resolved in the Linux kernel. The issue is related to the function xfrm6 get saddr() not properly checking the return value of ip6 dst idev(), which can return NULL. This can lead to a null pointer dereference, causing a general protection fault. The vulnerability was reported by syzbot and is associated with a non-canonical address.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.