CVE-2024-26587NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference7 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 96.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
LinuxLinux KernelDebian Linux+4 more
Timeline
PublishedFeb 22
Latest updateFeb 23

Description

In the Linux kernel, the following vulnerability has been resolved: net: netdevsim: don't try to destroy PHC on VFs PHC gets initialized in nsim_init_netdevsim(), which is only called if (nsim_dev_port_is_pf()). Create a counterpart of nsim_init_netdevsim() and move the mock_phc_destroy() there. This fixes a crash trying to destroy netdevsim with VFs instantiated, as caught by running the devlink.sh test: BUG: kernel NULL pointer dereference, address: 00000000000000b8 RIP: 0010:mock_phc_des

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

NVDlinux/linux_kernel6.7.06.7.2+1
Debianlinux/linux_kernel< 6.6.15-1+1
CVEListV5linux/linuxb63e78fca889e07931ec8f259701718a24e5052e08aca65997fb6f233066883b1f1e653bcb1f26ca+3

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-vmpq-wpxg-r7rp: In the Linux kernel, the following vulnerability has been resolved: net: netdevsim: don't try to destroy PHC on VFs PHC gets initialized in nsim_ini2024-02-22
OSV
CVE-2024-26587: In the Linux kernel, the following vulnerability has been resolved: net: netdevsim: don't try to destroy PHC on VFs PHC gets initialized in nsim_init_2024-02-22

📋Vendor Advisories

3
Red Hat
kernel: netdevsim: don't try to destroy PHC on VFs2024-02-22
Microsoft
net: netdevsim: don't try to destroy PHC on VFs2024-02-13
Debian
CVE-2024-26587: linux - In the Linux kernel, the following vulnerability has been resolved: net: netdev...2024

💬Community

1
Bugzilla
CVE-2024-26587 kernel: netdevsim: don't try to destroy PHC on VFs2024-02-23