SB20240531422 - NULL pointer dereference in Linux kernel net phy driver
Published: May 31, 2024 Updated: May 14, 2025
Security Bulletin ID
SB20240531422
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2024-27047)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the phy_get_internal_delay() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/06dd21045a7e8bc8701b0ebedcd9a30a6325878b
- https://git.kernel.org/stable/c/0e939a002c8a7d66e60bd0ea6b281fb39d713c1a
- https://git.kernel.org/stable/c/2a2ff709511617de9c6c072eeee82bcbbdfecaf8
- https://git.kernel.org/stable/c/589ec16174dd9378953b8232ae76fad0a96e1563
- https://git.kernel.org/stable/c/c0691de7df1d51482a52cac93b7fe82fd9dd296b
- https://git.kernel.org/stable/c/0307cf443308ecc6be9b2ca312bb31bae5e5a7ad
- https://git.kernel.org/stable/c/4469c0c5b14a0919f5965c7ceac96b523eb57b79
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.214
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.153
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.23
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.2