Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveLinuxCVE-2024-42107
HistoryJul 30, 2024 - 8:15 a.m.

CVE-2024-42107

2024-07-3008:15:03
Linux
web.nvd.nist.gov
34
linux kernel
ice driver
ptp vulnerability

AI Score

6.4

Confidence

Low

EPSS

0

Percentile

9.4%

JSON

In the Linux kernel, the following vulnerability has been resolved:

ice: Don’t process extts if PTP is disabled

The ice_ptp_extts_event() function can race with ice_ptp_release() and
result in a NULL pointer dereference which leads to a kernel panic.

Panic occurs because the ice_ptp_extts_event() function calls
ptp_clock_event() with a NULL pointer. The ice driver has already
released the PTP clock by the time the interrupt for the next external
timestamp event occurs.

To fix this, modify the ice_ptp_extts_event() function to check the
PTP state and bail early if PTP is not ready.

Affected configurations

Vulners
Node
linuxlinux_kernelRange5.146.9.9
OR
linuxlinux_kernelRange6.10.0
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/ethernet/intel/ice/ice_ptp.c"
    ],
    "versions": [
      {
        "version": "172db5f91d5f",
        "lessThan": "1c4e52481191",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "172db5f91d5f",
        "lessThan": "996422e3230e",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/ethernet/intel/ice/ice_ptp.c"
    ],
    "versions": [
      {
        "version": "5.14",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.14",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.9",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

debiancve 1
vulnrichment 1
redhatcve 1
nvd 1
ubuntucve 1
cvelist 1
osv 5
nessus 6
redhat 3
debiancve
debiancve
CVE-2024-42107
2024-07-30 08:15:03
vulnrichment
vulnrichment
CVE-2024-42107 ice: Don't process extts if PTP is disabled
2024-07-30 07:46:02
redhatcve
redhatcve
CVE-2024-42107
2024-08-22 13:13:35
nvd
nvd
CVE-2024-42107
2024-07-30 08:15:03
ubuntucve
ubuntucve
CVE-2024-42107
2024-07-30 00:00:00
cvelist
cvelist
CVE-2024-42107 ice: Don't process extts if PTP is disabled
2024-07-30 07:46:02
osv
osv
CVE-2024-42107
2024-07-30 08:15:03
Security update for the Linux Kernel
2024-09-11 15:39:03
Security update for the Linux Kernel
2024-09-10 08:46:37
nessus
nessus
RHEL 9 : kernel-rt (RHSA-2024:5673)
2024-08-25 00:00:00
RHEL 9 : kernel (RHSA-2024:5672)
2024-08-25 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3190-1)
2024-09-11 00:00:00
redhat
redhat
(RHSA-2024:5672) Important: kernel security update
2024-08-21 00:10:06
(RHSA-2024:5673) Important: kernel-rt security update
2024-08-21 00:10:13
(RHSA-2024:5808) Moderate: OpenShift Container Platform 4.12.64 security update
2024-08-29 03:02:03

AI Score

6.4

Confidence

Low

EPSS

0

Percentile

9.4%

JSON
Related for CVE-2024-42107
debiancve1vulnrichment1redhatcve1nvd1ubuntucve1cvelist1osv5nessus6redhat3