4.7

CVE-2024-42107

ice: Don't process extts if PTP is disabled

In the Linux kernel, the following vulnerability has been resolved:

ice: Don't process extts if PTP is disabled

The ice_ptp_extts_event() function can race with ice_ptp_release() and
result in a NULL pointer dereference which leads to a kernel panic.

Panic occurs because the ice_ptp_extts_event() function calls
ptp_clock_event() with a NULL pointer. The ice driver has already
released the PTP clock by the time the interrupt for the next external
timestamp event occurs.

To fix this, modify the ice_ptp_extts_event() function to check the
PTP state and bail early if PTP is not ready.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.14 < 6.9.9
LinuxLinux Kernel Version6.10 Updaterc1
LinuxLinux Kernel Version6.10 Updaterc2
LinuxLinux Kernel Version6.10 Updaterc3
LinuxLinux Kernel Version6.10 Updaterc4
LinuxLinux Kernel Version6.10 Updaterc5
LinuxLinux Kernel Version6.10 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.048
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b
Patch
https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e
Patch