{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42116", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.178Z", "datePublished": "2024-07-30T07:46:08.969Z", "dateUpdated": "2024-11-05T09:37:43.359Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:37:43.359Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigc: fix a log entry using uninitialized netdev\n\nDuring successful probe, igc logs this:\n\n[ 5.133667] igc 0000:01:00.0 (unnamed net_device) (uninitialized): PHC added\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\nThe reason is that igc_ptp_init() is called very early, even before\nregister_netdev() has been called. So the netdev_info() call works\non a partially uninitialized netdev.\n\nFix this by calling igc_ptp_init() after register_netdev(), right\nafter the media autosense check, just as in igb. Add a comment,\njust as in igb.\n\nNow the log message is fine:\n\n[ 5.200987] igc 0000:01:00.0 eth0: PHC added"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/igc/igc_main.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "96839f3f5882", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "98c8958980e8", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "991f036cabc3", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "d478ec838cf2", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "86167183a17e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/igc/igc_main.c"], "versions": [{"version": "5.15.163", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.98", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.39", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.9", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/96839f3f588236593de36465f142b0126267f8b6"}, {"url": "https://git.kernel.org/stable/c/98c8958980e829f023a490b9a9816ca1fe2f8b79"}, {"url": "https://git.kernel.org/stable/c/991f036cabc3d13e886a37faeea1b6800181fdda"}, {"url": "https://git.kernel.org/stable/c/d478ec838cf2b1e1051a8709cfc744fe1c03110f"}, {"url": "https://git.kernel.org/stable/c/86167183a17e03ec77198897975e9fdfbd53cb0b"}], "title": "igc: fix a log entry using uninitialized netdev", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.554Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/96839f3f588236593de36465f142b0126267f8b6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/98c8958980e829f023a490b9a9816ca1fe2f8b79", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/991f036cabc3d13e886a37faeea1b6800181fdda", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d478ec838cf2b1e1051a8709cfc744fe1c03110f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/86167183a17e03ec77198897975e9fdfbd53cb0b", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42116", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:17:13.688234Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:05.887Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/96839f3f588236593de36465f142b0126267f8b6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/98c8958980e829f023a490b9a9816ca1fe2f8b79", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/991f036cabc3d13e886a37faeea1b6800181fdda", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d478ec838cf2b1e1051a8709cfc744fe1c03110f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/86167183a17e03ec77198897975e9fdfbd53cb0b", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.554Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42116", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:17:13.688234Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:14.517Z"}}], "cna": {"title": "igc: fix a log entry using uninitialized netdev", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "96839f3f5882", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "98c8958980e8", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "991f036cabc3", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "d478ec838cf2", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "86167183a17e", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/intel/igc/igc_main.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.15.163", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.98", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.39", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.9", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/intel/igc/igc_main.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/96839f3f588236593de36465f142b0126267f8b6"}, {"url": "https://git.kernel.org/stable/c/98c8958980e829f023a490b9a9816ca1fe2f8b79"}, {"url": "https://git.kernel.org/stable/c/991f036cabc3d13e886a37faeea1b6800181fdda"}, {"url": "https://git.kernel.org/stable/c/d478ec838cf2b1e1051a8709cfc744fe1c03110f"}, {"url": "https://git.kernel.org/stable/c/86167183a17e03ec77198897975e9fdfbd53cb0b"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigc: fix a log entry using uninitialized netdev\n\nDuring successful probe, igc logs this:\n\n[ 5.133667] igc 0000:01:00.0 (unnamed net_device) (uninitialized): PHC added\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\nThe reason is that igc_ptp_init() is called very early, even before\nregister_netdev() has been called. So the netdev_info() call works\non a partially uninitialized netdev.\n\nFix this by calling igc_ptp_init() after register_netdev(), right\nafter the media autosense check, just as in igb. Add a comment,\njust as in igb.\n\nNow the log message is fine:\n\n[ 5.200987] igc 0000:01:00.0 eth0: PHC added"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:37:43.359Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42116", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:37:43.359Z", "dateReserved": "2024-07-29T15:50:41.178Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-30T07:46:08.969Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigc: fix a log entry using uninitialized netdev\n\nDuring successful probe, igc logs this:\n\n[ 5.133667] igc 0000:01:00.0 (unnamed net_device) (uninitialized): PHC added\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\nThe reason is that igc_ptp_init() is called very early, even before\nregister_netdev() has been called. So the netdev_info() call works\non a partially uninitialized netdev.\n\nFix this by calling igc_ptp_init() after register_netdev(), right\nafter the media autosense check, just as in igb. Add a comment,\njust as in igb.\n\nNow the log message is fine:\n\n[ 5.200987] igc 0000:01:00.0 eth0: PHC added"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: igc: corrige una entrada de registro usando netdev no inicializado. Durante la prueba exitosa, igc registra esto: [5.133667] igc 0000:01:00.0 (net_device sin nombre) (sin inicializar): PHC agregado ^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ La raz\u00f3n es que igc_ptp_init() se llama muy temprano, incluso antes de Register_netdev( ) ha sido llamado. Entonces la llamada netdev_info() funciona en un netdev parcialmente no inicializado. Solucione este problema llamando a igc_ptp_init() despu\u00e9s de Register_netdev(), justo despu\u00e9s de la verificaci\u00f3n de detecci\u00f3n autom\u00e1tica de medios, tal como en igb. A\u00f1ade un comentario, como en igb. Ahora el mensaje de registro est\u00e1 bien: [5.200987] igc 0000:01:00.0 eth0: PHC agregado"}], "id": "CVE-2024-42116", "lastModified": "2024-07-30T13:32:45.943", "metrics": {}, "published": "2024-07-30T08:15:03.950", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/86167183a17e03ec77198897975e9fdfbd53cb0b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/96839f3f588236593de36465f142b0126267f8b6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/98c8958980e829f023a490b9a9816ca1fe2f8b79"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/991f036cabc3d13e886a37faeea1b6800181fdda"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d478ec838cf2b1e1051a8709cfc744fe1c03110f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: igc: fix a log entry using uninitialized netdev", "id": "2301481", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301481"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-824", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nigc: fix a log entry using uninitialized netdev\nDuring successful probe, igc logs this:\n[ 5.133667] igc 0000:01:00.0 (unnamed net_device) (uninitialized): PHC added\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\nThe reason is that igc_ptp_init() is called very early, even before\nregister_netdev() has been called. So the netdev_info() call works\non a partially uninitialized netdev.\nFix this by calling igc_ptp_init() after register_netdev(), right\nafter the media autosense check, just as in igb. Add a comment,\njust as in igb.\nNow the log message is fine:\n[ 5.200987] igc 0000:01:00.0 eth0: PHC added", "A vulnerability was found in the igc_probe() function in the Linux kernel's igc driver, where an uninitialized netdev is logged during the probe process. This occurs because the igc_ptp_init() function is called before the netdev() register is called, resulting in a misleading log entry."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-42116", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42116\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42116\nhttps://lore.kernel.org/linux-cve-announce/2024073023-CVE-2024-42116-b420@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 5.15.163, kernel 6.1.98, kernel 6.6.39, kernel 6.9.9, kernel 6.10"}