cve-2024-42107
Vulnerability from cvelistv5
Published
2024-07-30 07:46
Modified
2024-11-05 09:37
Severity ?
Summary
ice: Don't process extts if PTP is disabled
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e
Impacted products
Vendor Product Version
Linux Linux Version: 5.14
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:32.575Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42107",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:17:43.025350Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:07.604Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/ice/ice_ptp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1c4e52481191",
              "status": "affected",
              "version": "172db5f91d5f",
              "versionType": "git"
            },
            {
              "lessThan": "996422e3230e",
              "status": "affected",
              "version": "172db5f91d5f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/ice/ice_ptp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don\u0027t process extts if PTP is disabled\n\nThe ice_ptp_extts_event() function can race with ice_ptp_release() and\nresult in a NULL pointer dereference which leads to a kernel panic.\n\nPanic occurs because the ice_ptp_extts_event() function calls\nptp_clock_event() with a NULL pointer. The ice driver has already\nreleased the PTP clock by the time the interrupt for the next external\ntimestamp event occurs.\n\nTo fix this, modify the ice_ptp_extts_event() function to check the\nPTP state and bail early if PTP is not ready."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:37:33.030Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b"
        },
        {
          "url": "https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e"
        }
      ],
      "title": "ice: Don\u0027t process extts if PTP is disabled",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42107",
    "datePublished": "2024-07-30T07:46:02.834Z",
    "dateReserved": "2024-07-29T15:50:41.176Z",
    "dateUpdated": "2024-11-05T09:37:33.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-42107\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-07-30T08:15:03.220\",\"lastModified\":\"2024-11-21T09:33:36.967\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nice: Don\u0027t process extts if PTP is disabled\\n\\nThe ice_ptp_extts_event() function can race with ice_ptp_release() and\\nresult in a NULL pointer dereference which leads to a kernel panic.\\n\\nPanic occurs because the ice_ptp_extts_event() function calls\\nptp_clock_event() with a NULL pointer. The ice driver has already\\nreleased the PTP clock by the time the interrupt for the next external\\ntimestamp event occurs.\\n\\nTo fix this, modify the ice_ptp_extts_event() function to check the\\nPTP state and bail early if PTP is not ready.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: no procesar extts si PTP est\u00e1 deshabilitado. La funci\u00f3n ice_ptp_extts_event() puede competir con ice_ptp_release() y provocar una desreferencia del puntero NULL que provoca un p\u00e1nico en el kernel. El p\u00e1nico ocurre porque la funci\u00f3n ice_ptp_extts_event() llama a ptp_clock_event() con un puntero NULL. El controlador de hielo ya ha liberado el reloj PTP cuando ocurre la interrupci\u00f3n para el siguiente evento de marca de tiempo externo. Para solucionar este problema, modifique la funci\u00f3n ice_ptp_extts_event() para verificar el estado de PTP y salir temprano si PTP no est\u00e1 listo.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.