CVE-2024-50097

net: fec: don't save PTP state if PTP is unsupported

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: net: fec: don't save PTP state if PTP is unsupported Some platforms (such as i.MX25 and i.MX27) do not support PTP, so on
these platforms fec_ptp_init() is not called and the related members
in fep are not initialized. However, fec_ptp_save_state() is called
unconditionally, which causes the kernel to panic. Therefore, add a
condition so that fec_ptp_save_state() is not called if PTP is not
supported.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: fec: no guardar el estado de PTP si PTP no es compatible. Algunas plataformas (como i.MX25 e i.MX27) no son compatibles con PTP, por lo que en estas plataformas no se llama a fec_ptp_init() y los miembros relacionados en fep no se inicializan. Sin embargo, se llama a fec_ptp_save_state() de forma incondicional, lo que hace que el kernel entre en pánico. Por lo tanto, agregue una condición para que no se llame a fec_ptp_save_state() si PTP no es compatible.

In the Linux kernel, the following vulnerability has been resolved: net: fec: don't save PTP state if PTP is unsupported Some platforms (such as i.MX25 and i.MX27) do not support PTP, so on these platforms fec_ptp_init() is not called and the related members in fep are not initialized. However, fec_ptp_save_state() is called unconditionally, which causes the kernel to panic. Therefore, add a condition so that fec_ptp_save_state() is not called if PTP is not supported.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-10-21 CVE Reserved
2024-11-05 CVE Published
2024-12-19 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/dc5fb264168c3aa8842b2db547c2b5c7df346454	Vuln. Introduced
https://git.kernel.org/stable/c/5763541f24d8ab2053d80fddb8479a2d0df8fd4f	Vuln. Introduced
https://git.kernel.org/stable/c/cf53d7e76f1fb751b12ceda6a49942414d2f9ea9	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/7745e14f4c036ce94a5eb05d06e49b0d84b306f9	2024-10-17
https://git.kernel.org/stable/c/3192e8d4a1ef9fc9bd7a59cdce51543367e5edd6	2024-10-17
https://git.kernel.org/stable/c/6be063071a457767ee229db13f019c2ec03bfe44	2024-10-10

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.55 < 6.6.57 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.55 < 6.6.57"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.11.3 < 6.11.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.11.3 < 6.11.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.10.14 Search vendor "Linux" for product "Linux Kernel" and version "6.10.14"		en		Affected