CVE-2024-42224

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-42224
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42224.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-42224
Downstream
Related
Published
2024-07-30T07:47:05.608Z
Modified
2026-03-20T12:37:40.120460Z
Summary
net: dsa: mv88e6xxx: Correct check for empty list
Details

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: mv88e6xxx: Correct check for empty list

Since commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO busses") mv88e6xxxdefaultmdiobus() has checked that the return value of listfirst_entry() is non-NULL.

This appears to be intended to guard against the list chip->mdios being empty. However, it is not the correct check as the implementation of listfirstentry is not designed to return NULL for empty lists.

Instead, use listfirstentryornull() which does return NULL if the list is empty.

Flagged by Smatch. Compile tested only.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42224.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a3c53be55c955b7150cda17874c3fcb4eeb97a89
Fixed
47d28dde172696031c880c5778633cdca30394ee
Fixed
3bf8d70e1455f87856640c3433b3660a31001618
Fixed
2a2fe25a103cef73cde356e6d09da10f607e93f5
Fixed
8c2c3cca816d074c75a2801d1ca0dea7b0148114
Fixed
aa03f591ef31ba603a4a99d05d25a0f21ab1cd89
Fixed
3f25b5f1635449036692a44b771f39f772190c1d
Fixed
f75625db838ade28f032dacd0f0c8baca42ecde4
Fixed
4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42224.json"