CVE-2024-42224

MEDIUM

Linux Kernel - Denial of Service via Incorrect Empty List Check in mv88e6xxx_default_mdio_bus

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO busses") mv88e6xxx_default_mdio_bus() has checked that the return value of list_first_entry() is non-NULL. This appears to be intended to guard against the list chip->mdios being empty. However, it is not the correct check as the implementation of list_first_entry is not designed to return NULL for empty lists. Instead, use list_first_entry_or_null() which does return NULL if the list is empty. Flagged by Smatch. Compile tested only.

References (9)

Core 9

Scores

CVSS v3 6.1
EPSS 0.0023
EPSS Percentile 13.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-754
Status published
Products (26)
linux/Kernel 4.11.0 - 4.19.318linux
linux/Kernel 4.20.0 - 5.4.280linux
linux/Kernel 5.11.0 - 5.15.163linux
linux/Kernel 5.16.0 - 6.1.98linux
linux/Kernel 5.5.0 - 5.10.222linux
linux/Kernel 6.2.0 - 6.6.39linux
linux/Kernel 6.7.0 - 6.9.9linux
Linux/Linux < 4.11
Linux/Linux 4.11
Linux/Linux 4.19.318 - 4.19.*
... and 16 more
Published Jul 30, 2024
Tracked Since Feb 18, 2026