vulnerability
Ubuntu: (Multiple Advisories) (CVE-2024-42224): Linux kernel vulnerabilities
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:L/AC:L/Au:S/C:N/I:P/A:C) | Jul 30, 2024 | Sep 13, 2024 | Jan 30, 2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: mv88e6xxx: Correct check for empty list
Since commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO
busses") mv88e6xxx_default_mdio_bus() has checked that the
return value of list_first_entry() is non-NULL.
This appears to be intended to guard against the list chip->mdios being
empty. However, it is not the correct check as the implementation of
list_first_entry is not designed to return NULL for empty lists.
Instead, use list_first_entry_or_null() which does return NULL if the
list is empty.
Flagged by Smatch.
Compile tested only.
Solution(s)
References
- CVE-2024-42224
- https://attackerkb.com/topics/CVE-2024-42224
- UBUNTU-USN-7003-1
- UBUNTU-USN-7003-2
- UBUNTU-USN-7003-3
- UBUNTU-USN-7003-4
- UBUNTU-USN-7003-5
- UBUNTU-USN-7006-1
- UBUNTU-USN-7007-1
- UBUNTU-USN-7007-2
- UBUNTU-USN-7007-3
- UBUNTU-USN-7009-1
- UBUNTU-USN-7009-2
- UBUNTU-USN-7019-1
- UBUNTU-USN-7020-1
- UBUNTU-USN-7020-2
- UBUNTU-USN-7020-3
- UBUNTU-USN-7020-4
- UBUNTU-USN-7028-1
- UBUNTU-USN-7028-2
- UBUNTU-USN-7029-1
- UBUNTU-USN-7156-1

Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.