CVE-2024-42322

low-risk

Published 2024-08-17

In the Linux kernel, the following vulnerability has been resolved: ipvs: properly dereference pe in ip_vs_add_service Use pe directly to resolve sparse warning: net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (8)

Patch https://git.kernel.org/stable/c/211168339657f36f32fb597afd0e3ac82d726119

Patch https://git.kernel.org/stable/c/36c997f1e03601475ad0fda0e0f59b7a209e756b

Patch https://git.kernel.org/stable/c/3dd428039e06e1967ce294e2cd6342825aaaad77

Patch https://git.kernel.org/stable/c/b2c664df3bb46aabac6a5fd78aaa5bd614cfad97

Patch https://git.kernel.org/stable/c/c420cd5d5bc6797f3a8824e7d74f38f0c286fca5

Patch https://git.kernel.org/stable/c/cbd070a4ae62f119058973f6d2c984e325bce6e7

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal