Updated:
Description:
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Protect driver from buggy firmware When processing port up/down events generated by the device's firmware, the driver protects itself from events reported for non-existent local ports, but not the CPU port (local port 0), which exists, but lacks a netdev. This can result in a NULL pointer dereference when calling netif_carrier_{on,off}(). Fix this by bailing early when processing an event reported for the CPU port. Problem was only observed when running on top of a buggy emulator.
CVSS3: 5.5
OS | Vendor version | Errata |
---|---|---|
RHEL 8 | 4.18.0-553.22.1.el8_10 | RHSA-2024:7000 |
Oracle Linux 8 | 4.18.0-553.22.1.el8_10 | ELSA-2024-7000 |
AlmaLinux 8 | 4.18.0-553.22.1.el8_10 | ALSA-2024:7000 |
Rocky Linux 8 | 4.18.0-553.22.1.el8_10 | RLSA-2024:7000 |
RHEL8 EUS 8.6 | 4.18.0-372.126.1.el8_6 | RHSA-2024:8161 |
OS | Original kernel version | State |
---|---|---|
RHEL 8 | |
Ready For Release |
Oracle Linux 8 | |
Will Not Fix |
AlmaLinux 8 | |
Will Not Fix |
Rocky Linux 8 | |
Will Not Fix |
RHEL8 EUS 8.6 | |
Ready For Release |