摘要:
In the Linux kernel, the following vulnerability has been resolved:net: phy: qcom: at803x: fix kernel panic with at8031_probeOn reworking and splitting the at803x driver, in splitting function ofat803x PHYs it was added a NULL dereference bug where priv is referencedbefore it s actually allocated and then is tried to write to for theis_1000basex and is_fiber variables in the case of at8031, writing onthe wrong address.Fix this by correctly setting priv local variable only afterat803x_probe is called and actually allocates priv in the phydev struct.
安全等级: Low
公告ID: KylinSec-SA-2024-2037
发布日期: 2024年5月27日
关联CVE: CVE-2024-26942
In the Linux kernel, the following vulnerability has been resolved:net: phy: qcom: at803x: fix kernel panic with at8031_probeOn reworking and splitting the at803x driver, in splitting function ofat803x PHYs it was added a NULL dereference bug where priv is referencedbefore it s actually allocated and then is tried to write to for theis_1000basex and is_fiber variables in the case of at8031, writing onthe wrong address.Fix this by correctly setting priv local variable only afterat803x_probe is called and actually allocates priv in the phydev struct.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2024-26942 | KY3.4-4A | kernel | Unaffected |
| CVE-2024-26942 | KY3.4-5 | kernel | Unaffected |
| CVE-2024-26942 | KY3.5.1 | kernel | Unaffected |
| CVE-2024-26942 | V6 | kernel | Unaffected |
