U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2024-42224 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO busses") mv88e6xxx_default_mdio_bus() has checked that the return value of list_first_entry() is non-NULL. This appears to be intended to guard against the list chip->mdios being empty. However, it is not the correct check as the implementation of list_first_entry is not designed to return NULL for empty lists. Instead, use list_first_entry_or_null() which does return NULL if the list is empty. Flagged by Smatch. Compile tested only.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5 Patch 
https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618 Patch 
https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d Patch 
https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee Patch 
https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b Patch 
https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114 Patch 
https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89 Patch 
https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4 Patch 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-754 Improper Check for Unusual or Exceptional Conditions cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

3 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-42224
NVD Published Date:
07/30/2024
NVD Last Modified:
09/25/2024
Source:
kernel.org