Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2024-27063
HistoryMay 01, 2024 - 1:15 p.m.

CVE-2024-27063

2024-05-0113:15:50
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
50
linux kernel
vulnerability
netdev
trigger
kernel panic
interface rename
carrier
generic function
kernel
dev
trigger data
get device state
nvd

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

In the Linux kernel, the following vulnerability has been resolved:

leds: trigger: netdev: Fix kernel panic on interface rename trig notify

Commit d5e01266e7f5 (“leds: trigger: netdev: add additional specific link
speed mode”) in the various changes, reworked the way to set the LINKUP
mode in commit cee4bd16c319 (“leds: trigger: netdev: Recheck
NETDEV_LED_MODE_LINKUP on dev rename”) and moved it to a generic function.

This changed the logic where, in the previous implementation the dev
from the trigger event was used to check if the carrier was ok, but in
the new implementation with the generic function, the dev in
trigger_data is used instead.

This is problematic and cause a possible kernel panic due to the fact
that the dev in the trigger_data still reference the old one as the
new one (passed from the trigger event) still has to be hold and saved
in the trigger_data struct (done in the NETDEV_REGISTER case).

On calling of get_device_state(), an invalid net_dev is used and this
cause a kernel panic.

To handle this correctly, move the call to get_device_state() after the
new net_dev is correctly set in trigger_data (in the NETDEV_REGISTER
case) and correctly parse the new dev.

Affected configurations

Vulners
Node
linuxlinux_kernelRange6.56.6.24
OR
linuxlinux_kernelRange6.7.06.7.12
OR
linuxlinux_kernelRange6.8.06.8.3
OR
linuxlinux_kernelRange6.9.0
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/leds/trigger/ledtrig-netdev.c"
    ],
    "versions": [
      {
        "version": "d5e01266e7f5",
        "lessThan": "10f2af1af8ab",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "d5e01266e7f5",
        "lessThan": "acd025c7a7d1",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "d5e01266e7f5",
        "lessThan": "3f360227cb46",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "d5e01266e7f5",
        "lessThan": "415798bc07dd",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/leds/trigger/ledtrig-netdev.c"
    ],
    "versions": [
      {
        "version": "6.5",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.5",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.24",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.7.12",
        "lessThanOrEqual": "6.7.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.8.3",
        "lessThanOrEqual": "6.8.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

nvd 1
debiancve 1
redhatcve 1
cvelist 1
ubuntucve 1
osv 4
openvas 4
ubuntu 4
nessus 4
nvd
nvd
CVE-2024-27063
2024-05-01 13:15:50
debiancve
debiancve
CVE-2024-27063
2024-05-01 13:15:50
redhatcve
redhatcve
CVE-2024-27063
2024-05-01 20:24:49
cvelist
cvelist
CVE-2024-27063 leds: trigger: netdev: Fix kernel panic on interface rename trig notify
2024-05-01 13:00:24
ubuntucve
ubuntucve
CVE-2024-27063
2024-05-01 00:00:00
osv
osv
linux-aws, linux-gcp vulnerabilities
2024-06-07 18:49:30
linux-oem-6.8 vulnerabilities
2024-06-10 19:28:08
linux-azure, linux-gke vulnerabilities
2024-06-14 17:24:38
openvas
openvas
Ubuntu: Security Advisory (USN-6817-3)
2024-06-17 00:00:00
Ubuntu: Security Advisory (USN-6816-1)
2024-06-10 00:00:00
Ubuntu: Security Advisory (USN-6817-2)
2024-06-11 00:00:00
ubuntu
ubuntu
Linux kernel (OEM) vulnerabilities
2024-06-11 00:00:00
Linux kernel vulnerabilities
2024-06-14 00:00:00
Linux kernel vulnerabilities
2024-06-07 00:00:00
nessus
nessus
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6817-1)
2024-06-07 00:00:00
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6816-1)
2024-06-07 00:00:00
Ubuntu 24.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6817-2)
2024-06-10 00:00:00

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON
Related for CVE-2024-27063
nvd1debiancve1redhatcve1cvelist1ubuntucve1osv4openvas4ubuntu4nessus4