CVE-2024-36887
e1000e: change usleep_range to udelay in PHY mdic access
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: e1000e: change usleep_range to udelay in PHY mdic access This is a partial revert of commit 6dbdd4de0362 ("e1000e: Workaround
for sporadic MDI error on Meteor Lake systems"). The referenced commit
used usleep_range inside the PHY access routines, which are sometimes
called from an atomic context. This can lead to a kernel panic in some
scenarios, such as cable disconnection and reconnection on vPro systems. Solve this by changing the usleep_range calls back to udelay.
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: e1000e: cambie usleep_range a udelay en el acceso mdic de PHY. Esta es una reversión parcial de el commit 6dbdd4de0362 ("e1000e: solución alternativa para errores MDI esporádicos en sistemas Meteor Lake"). El commit a la que se hace referencia usó usleep_range dentro de las rutinas de acceso PHY, que a veces se llaman desde un contexto atómico. Esto puede provocar un pánico en el kernel en algunos escenarios, como la desconexión y reconexión de cables en sistemas vPro. Resuelva esto volviendo a cambiar las llamadas usleep_range a udelay.
In the Linux kernel, the following vulnerability has been resolved: e1000e: change usleep_range to udelay in PHY mdic access This is a partial revert of commit 6dbdd4de0362 ("e1000e: Workaround for sporadic MDI error on Meteor Lake systems"). The referenced commit used usleep_range inside the PHY access routines, which are sometimes called from an atomic context. This can lead to a kernel panic in some scenarios, such as cable disconnection and reconnection on vPro systems. Solve this by changing the usleep_range calls back to udelay.
Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-30 CVE Reserved
- 2024-05-30 CVE Published
- 2024-12-19 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/1d16cd91cd319d5bf6230c8493feb56a61e486a1 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/0a4e3c2d976aa4dd38951afd6267f74ef3fade0e | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.6.26 < 6.6.31 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.26 < 6.6.31" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.8.5 < 6.8.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8.5 < 6.8.10" | en |
Affected
| ||||||