PT-2024-6598 · Linux+6 · Linux Kernel+6

Published

2024-05-02

·

Updated

2025-09-29

·

CVE-2024-42224

CVSS v3.1

6.1

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to the mv88e6xxx default mdio bus() function in the Linux kernel, which incorrectly checks for an empty list. The function uses list first entry() to check if the list is empty, but this function is not designed to return NULL for empty lists. Instead, list first entry or null() should be used, which returns NULL if the list is empty. This incorrect check may allow an attacker to impact the integrity and availability of protected information. The issue was flagged by Smatch and compile tested only.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Check for Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-754

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-10465
ALT-PU-2024-10467
ALT-PU-2024-10855
ALT-PU-2024-11524
ALT-PU-2024-12537
ALT-PU-2024-13979
ALT-PU-2024-14046
AZL-47337
AZL-47379
BDU:2024-07745
CVE-2024-42224
DLA-4008-1
DSA-5747-1
MGASA-2024-0277
MGASA-2024-0278
OESA-2024-1961
OESA-2024-1962
OESA-2024-1963
OESA-2024-1964
OESA-2024-2076
OPENSUSE-SU-2024_2947-1
SUSE-SU-2024:2892-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2901-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2940-1
SUSE-SU-2024:2947-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3383-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7003-1
USN-7003-2
USN-7003-3
USN-7003-4
USN-7003-5
USN-7006-1
USN-7007-1
USN-7007-2
USN-7007-3
USN-7009-1
USN-7009-2
USN-7019-1
USN-7020-1
USN-7020-2
USN-7020-3
USN-7020-4
USN-7028-1
USN-7028-2
USN-7029-1
USN-7156-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu