PT-2024-29833 · Linux · Linux Kernel
Dan Carpenter · Published 2024-08-17 · Updated 2024-08-22
CVE-2024-42282
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A potential NULL pointer dereference in dummy net device handling has been resolved. The issue occurred when alloc_netdev_dummy() failed in mtk_probe(), leaving eth->dummy_dev NULL. The error path then called mtk_free_dev(), which in turn called free_netdev() on the assumption that dummy_dev had been allocated, potentially dereferencing a NULL pointer. The fix moves free_netdev() to mtk_remove(), so that it is only called when mtk_probe() has succeeded and dummy_dev is fully allocated.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
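The teardown ordering from the description, as an added userspace model that is not the kernel driver's code: every `model_*` name, the `fixed` flag and `run_case()` are hypothetical stand-ins, and the stand-in for free_netdev() counts a NULL argument instead of dereferencing it.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model only: every name below is a hypothetical stand-in. */
struct netdev { int unused; };
struct eth { struct netdev *dummy_dev; int null_frees, frees; };

/* Stand-in for free_netdev(). The real function dereferences its argument,
 * so a NULL argument is counted here instead of crashing the process. */
static void model_free_netdev(struct eth *eth, struct netdev *dev)
{
    if (!dev) { eth->null_frees++; return; }
    free(dev);
    eth->frees++;
}

/* Shared cleanup; post-fix (fixed != 0) it no longer frees dummy_dev. */
static void model_free_dev(struct eth *eth, int fixed)
{
    if (!fixed)
        model_free_netdev(eth, eth->dummy_dev);
}

/* fail_alloc != 0 simulates the dummy device allocation failing. */
static int model_probe(struct eth *eth, int fail_alloc, int fixed)
{
    eth->dummy_dev = fail_alloc ? NULL : calloc(1, sizeof(struct netdev));
    if (!eth->dummy_dev) {
        model_free_dev(eth, fixed);   /* probe error path */
        return -1;
    }
    return 0;
}

/* Remove is reached only after probe succeeded, so dummy_dev is valid. */
static void model_remove(struct eth *eth, int fixed)
{
    if (fixed)
        model_free_netdev(eth, eth->dummy_dev);
    model_free_dev(eth, fixed);
}

/* Returns null_frees * 10 + frees for one probe (and remove on success). */
int run_case(int fail_alloc, int fixed)
{
    struct eth eth = {0};
    if (model_probe(&eth, fail_alloc, fixed) == 0)
        model_remove(&eth, fixed);
    return eth.null_frees * 10 + eth.frees;
}
int main(void) { printf("%d %d\n", run_case(1, 0), run_case(1, 1)); return 0; }
```

In the pre-fix shape a failed allocation reaches the free with a NULL pointer; in the post-fix shape the failed probe frees nothing, and a successful probe followed by remove frees the device exactly once in both shapes.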
Exploit
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel