CVE-2024-42224

Updated: 2024-09-25 22:36:14.714562

Description:

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO busses") mv88e6xxx_default_mdio_bus() has checked that the return value of list_first_entry() is non-NULL. This appears to be intended to guard against the list chip->mdios being empty. However, it is not the correct check as the implementation of list_first_entry is not designed to return NULL for empty lists. Instead, use list_first_entry_or_null() which does return NULL if the list is empty. Flagged by Smatch. Compile tested only.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x MEDIUM 6.1

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU kernel 5.14.0 6.1 MEDIUM Not Vulnerable 2024-08-19 05:27:58
AlmaLinux 9.2 FIPS kernel 5.14.0 6.1 MEDIUM Not Vulnerable 2024-08-19 05:27:58
CentOS 8.4 ELS kernel 4.18.0 6.1 MEDIUM Not Vulnerable 2024-08-19 05:27:57
CentOS 8.5 ELS kernel 4.18.0 6.1 MEDIUM Not Vulnerable 2024-08-19 05:27:58
CentOS Stream 8 ELS kernel 4.18.0 6.1 MEDIUM Not Vulnerable 2024-08-19 05:27:57
Ubuntu 16.04 ELS linux 4.4.0 6.1 MEDIUM Not Vulnerable 2024-10-02 05:29:23
Ubuntu 16.04 ELS linux-hwe 4.15.0 6.1 MEDIUM Released CLSA-2024:1723622106 2024-08-14 08:18:39
Ubuntu 18.04 ELS linux 4.15.0 6.1 MEDIUM Released CLSA-2024:1723622576 2024-08-14 08:18:35