CVE-2023-52984

The probe() function is only used for the DP83822 PHY, leaving the private data pointer uninitialized for the smaller DP83825/26 models. While all uses of the private data structure are hidden in 82822 specific callbacks, configuring the interrupt is shared across all models. This causes a NULL pointer dereference on the smaller PHYs as it accesses the private data unchecked. Verifying the pointer avoids that.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52984.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

5dc39fd5ef35bc6919759fa99246581b1adc6b82

Fixed

362a2f5531dc0e5b0b5b3e3a541000dbffa75461

Fixed

2cd1e9c013ec56421c58921b1ddf1d2d53bd47fa

Fixed

78901b10522cdf6badf24acf65a892637596bccc

Fixed

422ae7d9c7221e8d4c8526d0f54106307d69d2dc

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52984.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.10.0

Fixed

5.10.168

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.93

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.11

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52984.json"