CVE-2024-50188
net: phy: dp83869: fix memory corruption when enabling fiber
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.5EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
08 nov 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In the Linux kernel, the following vulnerability has been resolved:
net: phy: dp83869: fix memory corruption when enabling fiber
When configuring the fiber port, the DP83869 PHY driver incorrectly
calls linkmode_set_bit() with a bit mask (1 << 10) rather than a bit
number (10). This corrupts some other memory location -- in case of
arm64 the priv pointer in the same structure.
Since the advertising flags are updated from supported at the end of the
function the incorrect line isn't needed at all and can be removed.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Produtos afetados
Linux · LinuxReferências
https://cert-portal.siemens.com/productcert/html/ssa-265688.htmlhttps://cert-portal.siemens.com/productcert/html/ssa-355557.htmlhttps://git.kernel.org/stable/c/21b5af7f0c99b3bf1fd02016e6708b613acbcaf4https://git.kernel.org/stable/c/9ca634676ff66e1d616259e136f96f96b2a1759ahttps://git.kernel.org/stable/c/a842e443ca8184f2dc82ab307b43a8b38defd6a5https://git.kernel.org/stable/c/ad0d76b8ee5db063791cc2e7a30ffc9852ac37c4https://git.kernel.org/stable/c/c1944b4253649fc6f2fb53e7d6302eb414d2182chttps://git.kernel.org/stable/c/e3f2de32dae35bc7d173377dc97b5bc9fcd9fc84https://lists.debian.org/debian-lts-announce/2025/01/msg00001.htmlhttps://lists.debian.org/debian-lts-announce/2025/03/msg00002.html