PT-2024-32107 · Linux+8 · Linux Kernel+8
Published: 2024-08-26 · Updated: 2026-02-21
CVE-2024-46679
CVSS v3.1: 4.7 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A sysfs reader can race with a device reset or removal and attempt to read device state when the device is not actually present. The issue is in the ethtool code path for getting link settings: many callers of __ethtool_get_link_ksettings() do not check for device presence. To address this, the check has been moved into ethtool itself so that all callers are protected. The race can lead to a panic, as observed in a previous commit that added a check for netdevice presence in speed_show. The functions involved include qed_get_current_link, qede_get_link_ksettings, rh_call_get_link_ksettings, and __ethtool_get_link_ksettings, indicating a complex interaction within the kernel's networking components.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu