CVE-2024-38584

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe()

In the prueth_probe() function, if one of the calls to emac_phy_connect() fails due to of_phy_connect() returning NULL, then the subsequent call to phy_attached_info() will dereference a NULL pointer.

Check the return code of emac_phy_connect and fail cleanly if there is an error.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux128d5874c0822105ae9556d5435fb8562aff2e3b < 5cd17f0e74cb99d209945b9f1f06d411aa667eb1affected
LinuxLinux128d5874c0822105ae9556d5435fb8562aff2e3b < b0a82ebabbdc4c307f781bb0e5cd617949a3900daffected
LinuxLinux128d5874c0822105ae9556d5435fb8562aff2e3b < 1e1d5bd7f4682e6925dd960aba2a1aa1d93da53aaffected
LinuxLinux128d5874c0822105ae9556d5435fb8562aff2e3b < b31c7e78086127a7fcaa761e8d336ee855a920c6affected
LinuxLinux6.6affected
LinuxLinux0 < 6.6unaffected
LinuxLinux6.6.33 <= 6.6.*unaffected
LinuxLinux6.8.12 <= 6.8.*unaffected
LinuxLinux6.9.3 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References