vulnerability
Ubuntu: (CVE-2024-42107): linux vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:M/Au:S/C:N/I:N/A:C) | Jul 30, 2024 | Jun 26, 2025 | Aug 18, 2025 |
Severity
4
CVSS
(AV:L/AC:M/Au:S/C:N/I:N/A:C)
Published
Jul 30, 2024
Added
Jun 26, 2025
Modified
Aug 18, 2025
Description
In the Linux kernel, the following vulnerability has been resolved:
ice: Don't process extts if PTP is disabled
The ice_ptp_extts_event() function can race with ice_ptp_release() and
result in a NULL pointer dereference which leads to a kernel panic.
Panic occurs because the ice_ptp_extts_event() function calls
ptp_clock_event() with a NULL pointer. The ice driver has already
released the PTP clock by the time the interrupt for the next external
timestamp event occurs.
To fix this, modify the ice_ptp_extts_event() function to check the
PTP state and bail early if PTP is not ready.
Solution
no-fix-ubuntu-package
References
- CVE-2024-42107
- https://attackerkb.com/topics/CVE-2024-42107
- CWE-367
- CWE-476
- URL-https://git.kernel.org/linus/996422e3230e41468f652d754fefd1bdbcd4604e
- URL-https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b
- URL-https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e
- URL-https://www.cve.org/CVERecord?id=CVE-2024-42107
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.