5.5

CVE-2022-49061

net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link

When using a fixed-link, the altr_tse_pcs driver crashes
due to null-pointer dereference as no phy_device is provided to
tse_pcs_fix_mac_speed function. Fix this by adding a check for
phy_dev before calling the tse_pcs_fix_mac_speed() function.

Also clean up the tse_pcs_fix_mac_speed function a bit. There is
no need to check for splitter_base and sgmii_adapter_base
because the driver will fail if these 2 variables are not
derived from the device tree.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.8 < 5.4.190
LinuxLinux Kernel Version >= 5.5 < 5.10.112
LinuxLinux Kernel Version >= 5.11 < 5.15.35
LinuxLinux Kernel Version >= 5.16 < 5.17.4
LinuxLinux Kernel Version5.18 Updaterc1
LinuxLinux Kernel Version5.18 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.157
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/08d5e3e954537931c8da7428034808d202e98299
Patch
https://git.kernel.org/stable/c/62a48383ebe2e159fd68425dd3e16d4c6bd6599a
Patch
https://git.kernel.org/stable/c/6c020f05253df04c3480b586fe188a3582740049
Patch
https://git.kernel.org/stable/c/7e59fdf9547c4f948d1d917ec7ffa5fb5ac53bdb
Patch
https://git.kernel.org/stable/c/a6aaa00324240967272b451bfa772547bd576ee6
Patch