SB20240531475 - NULL pointer dereference in Linux kernel broadcom bnx2x driver

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2024-26859)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/7bcc090c81116c66936a7415f2c6b1483a4bcfd9
• https://git.kernel.org/stable/c/4f37d3a7e004bbf560c21441ca9c022168017ec4
• https://git.kernel.org/stable/c/8eebff95ce9558be66a36aa7cfb43223f3ab4699
• https://git.kernel.org/stable/c/8ffcd3ccdbda0c918c4a0f922ef1c17010f1b598
• https://git.kernel.org/stable/c/cf7d8cba639ae792a42c2a137b495eac262ac36c
• https://git.kernel.org/stable/c/3a9f78b297e08ca8e88ae3ecff1f6fe2766dc5eb
• https://git.kernel.org/stable/c/c51f8b6930db3f259b8820b589f2459d2df3fc68
• https://git.kernel.org/stable/c/44f9f1abb0ecc43023225ab9539167facbabf0ec
• https://git.kernel.org/stable/c/d27e2da94a42655861ca4baea30c8cd65546f25d
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.311
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.214
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.153
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.273
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.23
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.11
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.2