CVE-2024-42224

net: dsa: mv88e6xxx: Correct check for empty list

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: mv88e6xxx: Correct check for empty list

Since commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO
busses") mv88e6xxx_default_mdio_bus() has checked that the
return value of list_first_entry() is non-NULL.

This appears to be intended to guard against the list chip->mdios being
empty. However, it is not the correct check as the implementation of
list_first_entry is not designed to return NULL for empty lists.

Instead, use list_first_entry_or_null() which does return NULL if the
list is empty.

Flagged by Smatch.
Compile tested only.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-30 CVE Reserved
2024-07-30 CVE Published
2024-08-03 EPSS Updated
2024-11-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee	2024-07-18
https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618	2024-07-18
https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5	2024-07-18
https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114	2024-07-18
https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89	2024-07-11
https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d	2024-07-11
https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4	2024-07-11
https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b	2024-05-03

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.19.318 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.318"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.280 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.280"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.222 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.222"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.163 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.163"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.98 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.98"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.39 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.39"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.9.9 Search vendor "Linux" for product "Linux Kernel" and version " < 6.9.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.10 Search vendor "Linux" for product "Linux Kernel" and version " < 6.10"		en		Affected