CVE-2024-38593
net: micrel: Fix receiving the timestamp in the frame for lan8841
Public Exploits: 0
Exploited in Wild: -
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
net: micrel: Fix receiving the timestamp in the frame for lan8841
The blamed commit started to use the ptp workqueue to get the second
part of the timestamp. And when the port was set down, then this
workqueue is stopped. But if the config option NETWORK_PHY_TIMESTAMPING
is not enabled, then the ptp_clock is not initialized so then it would
crash when it would try to access the delayed work.
So then basically by setting up and then down the port, it would crash.
The fix consists in checking if the ptp_clock is initialized and only
then cancel the delayed work.
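A triage check built from the description and the affected-version table on this page, as an added example that is not part of the CVE record or the kernel project. It assumes each listed upper bound is the first fixed release of its stable branch, that branches with no listed fix (6.5, 6.7) stay affected, and that the driver is built through `CONFIG_MICREL_PHY`; the function names and the sample config are constructed for illustration.

```python
import re

# First fixed patch level per stable branch, from the page's affected-version table.
FIXED = {(6, 6): 33, (6, 8): 12, (6, 9): 3}
FIRST_AFFECTED = (6, 5)        # ">= 6.5"
FIRST_FIXED_MAINLINE = (6, 10)  # "< 6.10"

# Constructed sample .config fragment: driver built as a module, timestamping off.
SAMPLE_CONFIG = """\
CONFIG_MICREL_PHY=m
# CONFIG_NETWORK_PHY_TIMESTAMPING is not set
"""

def parse_release(release):
    """'6.8.0-45-generic' -> (6, 8, 0); a missing patch level counts as 0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g or 0) for g in m.groups())

def version_affected(release):
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < FIRST_AFFECTED or branch >= FIRST_FIXED_MAINLINE:
        return False
    # Assumption: branches without a listed fix are affected at every patch level.
    fixed = FIXED.get(branch)
    return fixed is None or patch < fixed

def config_value(config_text, option):
    """Return 'y', 'm' or None for CONFIG_<option> in kernel .config text."""
    m = re.search(rf"^CONFIG_{option}=([ym])$", config_text, re.M)
    return m.group(1) if m else None

def triage(release, config_text):
    if not version_affected(release):
        return "not affected: version outside the listed ranges"
    if config_value(config_text, "MICREL_PHY") is None:
        return "not exposed: micrel PHY driver not built"
    if config_value(config_text, "NETWORK_PHY_TIMESTAMPING"):
        # Per the description, ptp_clock is initialized in this configuration.
        return "crash path not described: PHY timestamping is enabled"
    return "exposed: ptp_clock uninitialized on port down, update the kernel"

if __name__ == "__main__":
    print(triage("6.8.9", SAMPLE_CONFIG))
```

Distribution kernels often backport fixes without changing the upstream version number, so treat the version check as valid for upstream and stable releases and confirm vendor kernels against the vendor advisory.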
CVSS Scores
SSVC
- Decision: Track
Timeline
- 2024-06-18 CVE Reserved
- 2024-06-19 CVE Published
- 2024-06-20 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-457: Use of Uninitialized Variable
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/cc75549548482ed653c23f212544e58cb38ea980 | Vuln. Introduced | |

URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-38593 | 2024-07-17 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2293380 | 2024-07-17 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | >= 6.5 < 6.6.33 | en | Affected |
Linux | Linux Kernel | >= 6.5 < 6.8.12 | en | Affected |
Linux | Linux Kernel | >= 6.5 < 6.9.3 | en | Affected |
Linux | Linux Kernel | >= 6.5 < 6.10 | en | Affected |