In the Linux kernel, the following vulnerability has been resolved:
idpf: avoid vport access in idpf_get_link_ksettings
When the device control plane is removed or the platform
running device control plane is rebooted, a reset is detected
on the driver. On driver reset, it releases the resources and
waits for the reset to complete. If the reset fails, it takes
the error path and releases the vport lock. At this time if the
monitoring tools tries to access link settings, it call traces
for accessing released vport pointer.
To avoid it, move link_speed_mbps to netdev_priv structure
which removes the dependency on vport pointer and the vport lock
in idpf_get_link_ksettings. Also use netif_carrier_ok()
to check the link status and adjust the offsetof to use link_up
instead of link_speed_mbps.
References
Configurations
Configuration 1 (hide)
|
History
27 Nov 2024, 15:59
Type | Values Removed | Values Added |
---|---|---|
References | () https://git.kernel.org/stable/c/81d2fb4c7c18a3b36ba3e00b9d5b753107472d75 - Patch | |
References | () https://git.kernel.org/stable/c/fa4d906ad0fb63a980a1d586a061c78ea1a345ba - Patch | |
CPE | cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
First Time |
Linux
Linux linux Kernel |
|
CWE | CWE-416 |
19 Nov 2024, 21:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
19 Nov 2024, 02:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-19 02:16
Updated : 2024-11-27 15:59
NVD link : CVE-2024-50274
Mitre link : CVE-2024-50274
CVE.ORG link : CVE-2024-50274
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-416
Use After Free