CVE-2024-50097

net: fec: don't save PTP state if PTP is unsupported

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

net: fec: don't save PTP state if PTP is unsupported

Some platforms (such as i.MX25 and i.MX27) do not support PTP, so on
these platforms fec_ptp_init() is not called and the related members
in fep are not initialized. However, fec_ptp_save_state() is called
unconditionally, which causes the kernel to panic. Therefore, add a
condition so that fec_ptp_save_state() is not called if PTP is not
supported.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: fec: no guardar el estado de PTP si PTP no es compatible. Algunas plataformas (como i.MX25 e i.MX27) no son compatibles con PTP, por lo que en estas plataformas no se llama a fec_ptp_init() y los miembros relacionados en fep no se inicializan. Sin embargo, se llama a fec_ptp_save_state() de forma incondicional, lo que hace que el kernel entre en pánico. Por lo tanto, agregue una condición para que no se llame a fec_ptp_save_state() si PTP no es compatible.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-10-21 CVE Reserved
2024-11-05 CVE Published
2024-11-05 CVE Updated
2024-11-06 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/dc5fb264168c3aa8842b2db547c2b5c7df346454	Vuln. Introduced
https://git.kernel.org/stable/c/5763541f24d8ab2053d80fddb8479a2d0df8fd4f	Vuln. Introduced
https://git.kernel.org/stable/c/a1477dc87dc4996dcf65a4893d4e2c3a6b593002	Vuln. Introduced
https://git.kernel.org/stable/c/cf53d7e76f1fb751b12ceda6a49942414d2f9ea9	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/7745e14f4c036ce94a5eb05d06e49b0d84b306f9	2024-10-17
https://git.kernel.org/stable/c/3192e8d4a1ef9fc9bd7a59cdce51543367e5edd6	2024-10-17
https://git.kernel.org/stable/c/6be063071a457767ee229db13f019c2ec03bfe44	2024-10-10

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.55 < 6.6.57 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.55 < 6.6.57"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.11.3 < 6.11.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.11.3 < 6.11.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.12-rc2 < 6.12-rc3 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.12-rc2 < 6.12-rc3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.10.14 Search vendor "Linux" for product "Linux Kernel" and version "6.10.14"		en		Affected