{"uuid": "8dd46472-1c0d-4b54-bf73-2a4d7b80aa64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47707", "type": "seen", "source": "https://t.me/cvedetector/8469", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47707 - Google Compute Engine IPv6 Null Pointer Dereference\", \n  \"Content\": \"CVE ID : CVE-2024-47707 \nPublished : Oct. 21, 2024, 12:15 p.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()  \n  \nBlamed commit accidentally removed a check for rt->rt6i_idev being NULL,  \nas spotted by syzbot:  \n  \nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI  \nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]  \nCPU: 1 UID: 0 PID: 10998 Comm: syz-executor Not tainted 6.11.0-rc6-syzkaller-00208-g625403177711 #0  \nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024  \n RIP: 0010:rt6_uncached_list_flush_dev net/ipv6/route.c:177 [inline]  \n RIP: 0010:rt6_disable_ip+0x33e/0x7e0 net/ipv6/route.c:4914  \nCode: 41 80 3c 04 00 74 0a e8 90 d0 9b f7 48 8b 7c 24 08 48 8b 07 48 89 44 24 10 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <803c 08 00 74 08 4c 89 f7 e8 64 d0 9b f7 48 8b 44 24 18 49 39 06  \nRSP: 0018:ffffc900047374e0 EFLAGS: 00010246  \nRAX: 0000000000000000 RBX: 1ffff1100fdf8f33 RCX: dffffc0000000000  \nRDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88807efc78c0  \nRBP: ffffc900047375d0 R08: 0000000000000003 R09: fffff520008e6e8c  \nR10: dffffc0000000000 R11: fffff520008e6e8c R12: 1ffff1100fdf8f18  \nR13: ffff88807efc7998 R14: 0000000000000000 R15: ffff88807efc7930  \nFS:  0000000000000000(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000  \nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033  \nCR2: 0000000020002a80 CR3: 0000000022f62000 CR4: 00000000003506f0  \nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000  \nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400  \nCall Trace:  \n   \n  addrconf_ifdown+0x15d/0x1bd0 net/ipv6/addrconf.c:3856  \n addrconf_notify+0x3cb/0x1020  \n  notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93  \n  call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]  \n  call_netdevice_notifiers net/core/dev.c:2046 [inline]  \n  unregister_netdevice_many_notify+0xd81/0x1c40 net/core/dev.c:11352  \n  unregister_netdevice_many net/core/dev.c:11414 [inline]  \n  unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11289  \n  unregister_netdevice include/linux/netdevice.h:3129 [inline]  \n  __tun_detach+0x6b9/0x1600 drivers/net/tun.c:685  \n  tun_detach drivers/net/tun.c:701 [inline]  \n  tun_chr_close+0x108/0x1b0 drivers/net/tun.c:3510  \n  __fput+0x24a/0x8a0 fs/file_table.c:422  \n  task_work_run+0x24f/0x310 kernel/task_work.c:228  \n  exit_task_work include/linux/task_work.h:40 [inline]  \n  do_exit+0xa2f/0x27f0 kernel/exit.c:882  \n  do_group_exit+0x207/0x2c0 kernel/exit.c:1031  \n  __do_sys_exit_group kernel/exit.c:1042 [inline]  \n  __se_sys_exit_group kernel/exit.c:1040 [inline]  \n  __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1040  \n  x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232  \n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]  \n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83  \n entry_SYSCALL_64_after_hwframe+0x77/0x7f  \nRIP: 0033:0x7f1acc77def9  \nCode: Unable to access opcode bytes at 0x7f1acc77decf.  \nRSP: 002b:00007ffeb26fa738 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7  \nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1acc77def9  \nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043  \nRBP: 00007f1acc7dd508 R08: 00007ffeb26f84d7 R09: 0000000000000003  \nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001  \nR13: 0000000000000003 R14: 00000000ffffffff R15: 00007ffeb26fa8e0  \n   \nModules linked in:  \n---[ end trace 0000000000000000 ]---  \n RIP: 0010:rt6_uncached_list_flush_dev net/ipv6/route.c:177 [inline]  \n RIP: 0010:rt6_disable_ip+0x33e/0x7e0 net/ipv6/route.c:4914  \nCode: 41 80 3c 04 00 74 0a e8 90 d0 9b f7 48 8b 7c 24 08 48 8b 07 48 89 44 24 10 4c 89 f0 48 c1 e8 03 48 b9 [...]", "creation_timestamp": "2024-10-21T15:09:57.000000Z"}