CVE-2024-50097

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: fec: don't save PTP state if PTP is unsupported

Some platforms (such as i.MX25 and i.MX27) do not support PTP, so on these platforms fec_ptp_init() is not called and the related members in fep are not initialized. However, fec_ptp_save_state() is called unconditionally, which causes the kernel to panic. Therefore, add a condition so that fec_ptp_save_state() is not called if PTP is not supported.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxdc5fb264168c3aa8842b2db547c2b5c7df346454 < 7745e14f4c036ce94a5eb05d06e49b0d84b306f9affected
LinuxLinux5763541f24d8ab2053d80fddb8479a2d0df8fd4f < 3192e8d4a1ef9fc9bd7a59cdce51543367e5edd6affected
LinuxLinuxa1477dc87dc4996dcf65a4893d4e2c3a6b593002 < 6be063071a457767ee229db13f019c2ec03bfe44affected
LinuxLinuxcf53d7e76f1fb751b12ceda6a49942414d2f9ea9affected
LinuxLinux6.10.14 < 6.11affected
LinuxLinux6.6.55 < 6.6.57affected
LinuxLinux6.11.3 < 6.11.4affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References