CVE-2024-42107

MEDIUM

Linux Kernel 5.14-6.9.8 - Time-of-check Time-of-use Race Condition in PTP Clock Event Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ice: Don't process extts if PTP is disabled The ice_ptp_extts_event() function can race with ice_ptp_release() and result in a NULL pointer dereference which leads to a kernel panic. Panic occurs because the ice_ptp_extts_event() function calls ptp_clock_event() with a NULL pointer. The ice driver has already released the PTP clock by the time the interrupt for the next external timestamp event occurs. To fix this, modify the ice_ptp_extts_event() function to check the PTP state and bail early if PTP is not ready.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b

Patch

https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e

Scores

CVSS v3 4.7

EPSS 0.0015

EPSS Percentile 4.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-367 CWE-476

Status published

Products (9)

linux/Kernel 5.14.0 - 6.9.9linux

Linux/Linux < 5.14

Linux/Linux 172db5f91d5f7b91670c68a7547798b0b5374158 - 1c4e524811918600683b1ea87a5e0fc2db64fa9b

Linux/Linux 172db5f91d5f7b91670c68a7547798b0b5374158 - 996422e3230e41468f652d754fefd1bdbcd4604e

Linux/Linux 5.14

Linux/Linux 6.10

Linux/Linux 6.9.9 - 6.9.*

linux/linux_kernel 6.10 rc1 (6 CPE variants)

linux/linux_kernel 5.14 - 6.9.9

Published Jul 30, 2024

Tracked Since Feb 18, 2026