CVE-2024-26942

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-26942
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26942.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-26942
Published
2024-05-01T05:17:56Z
Modified
2025-10-14T13:49:02.849096Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
net: phy: qcom: at803x: fix kernel panic with at8031_probe
Details

In the Linux kernel, the following vulnerability has been resolved:

net: phy: qcom: at803x: fix kernel panic with at8031_probe

When the at803x driver was reworked and split, the function split out for at803x PHYs gained a NULL dereference bug: priv is referenced before it is actually allocated, and the code then tries to write to it for the is1000basex and isfiber variables in the case of at8031, writing to the wrong address.

Fix this by correctly setting the priv local variable only after at803x_probe is called and has actually allocated priv in the phydev struct.
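
The ordering problem described above, as an added user-space model (not the kernel driver's code and not part of the original advisory). The model_* structs and functions are hypothetical stand-ins for the phydev struct, at803x_probe and at8031_probe, and the flag values are constructed.

```c
/* User-space model of the probe-ordering bug; NOT kernel code.
 * Every model_* name is a hypothetical stand-in. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

struct model_priv { bool is_fiber; bool is_1000basex; };
struct model_phydev { struct model_priv *priv; };

/* Stand-in for the common probe: the only place priv gets allocated. */
static int model_base_probe(struct model_phydev *phydev)
{
    phydev->priv = calloc(1, sizeof(*phydev->priv));
    return phydev->priv ? 0 : -1;
}

/* Buggy ordering: the local copy of priv is taken BEFORE allocation.
 * The stale pointer is handed back instead of being written through,
 * so the model can show the address the flag writes would have hit. */
static int model_probe_buggy(struct model_phydev *phydev,
                             struct model_priv **stale)
{
    struct model_priv *priv = phydev->priv;  /* still NULL here */
    int ret = model_base_probe(phydev);

    *stale = priv;  /* writes via this pointer are the NULL dereference */
    return ret;
}

/* Fixed ordering: read phydev->priv only after the base probe succeeded. */
static int model_probe_fixed(struct model_phydev *phydev)
{
    int ret = model_base_probe(phydev);

    if (ret)
        return ret;
    phydev->priv->is_fiber = true;      /* constructed flag values */
    phydev->priv->is_1000basex = true;
    return 0;
}

int main(void)
{
    struct model_phydev a = {0}, b = {0};
    struct model_priv *stale;

    model_probe_buggy(&a, &stale);
    printf("buggy: cached priv=%p, allocated priv=%p\n", (void *)stale, (void *)a.priv);
    printf("fixed: ret=%d\n", model_probe_fixed(&b));
    return 0;
}
```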

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
25d2ba94005fac18fe68878cddff59a67e115554
Fixed
a8a296ad9957b845b89bcf48be1cf8c74875ecc3
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
25d2ba94005fac18fe68878cddff59a67e115554
Fixed
6a4aee277740d04ac0fd54cfa17cc28261932ddc

Affected versions

v6.*

v6.7
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.8.3