CVE-2024-35891

medium

Description

In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Fix potential null pointer dereference In lan8814_get_sig_rx() and lan8814_get_sig_tx() ptp_parse_header() may return NULL as ptp_header due to abnormal packet type or corrupted packet. Fix this bug by adding ptp_header check. Found by Linux Verification Center (linuxtesting.org) with SVACE.

References

https://git.kernel.org/stable/c/96c155943a703f0655c0c4cab540f67055960e91

https://git.kernel.org/stable/c/95c1016a2d92c4c28a9d1b6d09859c00b19c0ea4

https://git.kernel.org/stable/c/49767b0df276f12e3e7184601e09ee7430e252dc

https://git.kernel.org/stable/c/10608161696c2768f53426642f78a42bcaaa53e8

Details

Source: Mitre, NVD

Published: 2024-05-19

Updated: 2024-05-20

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium