CVE-2024-38584

MEDIUM5.5

net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe()

Published Jun 19, 2024

Modified 8 months ago

No fix available

Details

In the Linux kernel, the following vulnerability has been resolved:

net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe()

In the prueth_probe() function, if one of the calls to emac_phy_connect() fails due to of_phy_connect() returning NULL, then the subsequent call to phy_attached_info() will dereference a NULL pointer.

Check the return code of emac_phy_connect and fail cleanly if there is an error.

References

WEBhttps://git.kernel.org/stable/c/1e1d5bd7f4682e6925dd960aba2a1aa1d93da53a WEBhttps://git.kernel.org/stable/c/5cd17f0e74cb99d209945b9f1f06d411aa667eb1 WEBhttps://git.kernel.org/stable/c/b0a82ebabbdc4c307f781bb0e5cd617949a3900d WEBhttps://git.kernel.org/stable/c/b31c7e78086127a7fcaa761e8d336ee855a920c6 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2024-38584

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedJun 19, 2024

ModifiedMay 4, 2025

CVE-2024-38584 | Mondoo Vulnerability Intelligence