CVE-2024-27025: nbd: null check for nla_nest_start

Description

In the Linux kernel, the following vulnerability has been resolved:

nbd: null check for nla_nest_start

nla_nest_start() may fail and return NULL. Insert a check and set errno
based on other call sites within the same source code.

Classification

CVE ID: CVE-2024-27025

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 5.08% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://git.kernel.org/stable/c/44214d744be32a4769faebba764510888f1eb19e
https://git.kernel.org/stable/c/4af837db0fd3679fabc7b7758397090b0c06dced
https://git.kernel.org/stable/c/98e60b538e66c90b9a856828c71d4e975ebfa797
https://git.kernel.org/stable/c/96436365e5d80d0106ea785a4f80a58e7c9edff8
https://git.kernel.org/stable/c/b7f5aed55829f376e4f7e5ea5b80ccdcb023e983
https://git.kernel.org/stable/c/e803040b368d046434fbc8a91945c690332c4fcf
https://git.kernel.org/stable/c/ba6a9970ce9e284cbc04099361c58731e308596a
https://git.kernel.org/stable/c/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d

Timeline

2024-12-20 00:35:33 UTC
CVE

nbd: null check for nla_nest_start