CVE-2024-36887

e1000e: change usleep_range to udelay in PHY mdic access

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

e1000e: change usleep_range to udelay in PHY mdic access

This is a partial revert of commit 6dbdd4de0362 ("e1000e: Workaround
for sporadic MDI error on Meteor Lake systems"). The referenced commit
used usleep_range inside the PHY access routines, which are sometimes
called from an atomic context. This can lead to a kernel panic in some
scenarios, such as cable disconnection and reconnection on vPro systems.

Solve this by changing the usleep_range calls back to udelay.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: e1000e: cambie usleep_range a udelay en el acceso mdic de PHY. Esta es una reversión parcial de el commit 6dbdd4de0362 ("e1000e: solución alternativa para errores MDI esporádicos en sistemas Meteor Lake"). El commit a la que se hace referencia usó usleep_range dentro de las rutinas de acceso PHY, que a veces se llaman desde un contexto atómico. Esto puede provocar un pánico en el kernel en algunos escenarios, como la desconexión y reconexión de cables en sistemas vPro. Resuelva esto volviendo a cambiar las llamadas usleep_range a udelay.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-30 CVE Reserved
2024-05-30 CVE Published
2024-05-31 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/1d16cd91cd319d5bf6230c8493feb56a61e486a1	Vuln. Introduced
https://git.kernel.org/stable/c/0a4e3c2d976aa4dd38951afd6267f74ef3fade0e	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/f8a139656c95db893a543159873c57a470d7376d	2024-05-17
https://git.kernel.org/stable/c/950d5226cd6bb83ba720961a8d4d5cf79e6afd57	2024-05-17
https://git.kernel.org/stable/c/387f295cb2150ed164905b648d76dfcbd3621778	2024-05-01

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.26 < 6.6.31 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.26 < 6.6.31"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.8.5 < 6.8.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8.5 < 6.8.10"		en		Affected