CVE-2024-47707: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's IPv6 routing functionality was discovered, identified as CVE-2024-47707. The issue involves a potential NULL pointer dereference in the rt6_uncached_list_flush_dev() function. The vulnerability was discovered when a previous commit accidentally removed a check for rt->rt6i_idev being NULL, as detected by the syzkaller kernel fuzzer (syzbot) (Kernel Git).

The vulnerability exists in the IPv6 routing code where a NULL pointer check was missing before accessing rt_idev->dev. This could lead to a general protection fault when accessing a non-canonical address 0xdffffc0000000000. The issue was introduced by a previous commit that removed a necessary NULL check. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can result in a kernel crash due to NULL pointer dereference, leading to a denial of service condition. The issue affects system stability and availability but does not impact confidentiality or integrity of the system (NVD).

The vulnerability has been fixed in multiple Linux kernel versions through a patch that adds the missing NULL pointer check. The fix has been backported to various stable kernel versions including 5.10.234-1 and 6.1.119-1~deb11u1. System administrators should update to the patched kernel versions (Debian LTS).