Linux · Linux Kernel · CVE-2024-38584
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The issue is related to a NULL pointer dereference in the `prueth probe()` function. If one of the calls to `emac phy connect()` fails due to `of phy connect()` returning NULL, then the subsequent call to `phy attached info()` will dereference a NULL pointer. This can be exploited to cause a denial of service. The vulnerability is resolved by checking the return code of `emac phy connect()` and failing cleanly if there is an error.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.