CVE-2024-26942

May 1, 2024, 1:02 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: net: phy: qcom: at803x: fix kernel panic with at8031_probe On reworking and splitting the at803x driver, in splitting function of at803x PHYs it was added a NULL dereference bug where priv is referenced before it's actually allocated and then is tried to write to for the is_1000basex and is_fiber variables in the case of at8031, writing on the wrong address. Fix this by correctly setting priv local variable only after at803x_probe is called and actually allocates priv in the phydev struct.

Product(s) Impacted

Product Versions
Linux kernel

Weaknesses

References

https://git.kernel.org/stable/c/6a4aee277740d04ac0fd54cfa17cc28261932ddc
https://git.kernel.org/stable/c/a8a296ad9957b845b89bcf48be1cf8c74875ecc3

Tags

2024-05-01
416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVE-2024-26942

Date

  • Published: May 1, 2024, 6:15 a.m.
  • Last Modified: May 1, 2024, 1:02 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.