{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-42224", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-30T07:40:12.250Z", "datePublished": "2024-07-30T07:47:05.608Z", "dateUpdated": "2025-11-03T22:02:27.444Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-21T09:13:05.119Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Correct check for empty list\n\nSince commit a3c53be55c95 (\"net: dsa: mv88e6xxx: Support multiple MDIO\nbusses\") mv88e6xxx_default_mdio_bus() has checked that the\nreturn value of list_first_entry() is non-NULL.\n\nThis appears to be intended to guard against the list chip->mdios being\nempty. However, it is not the correct check as the implementation of\nlist_first_entry is not designed to return NULL for empty lists.\n\nInstead, use list_first_entry_or_null() which does return NULL if the\nlist is empty.\n\nFlagged by Smatch.\nCompile tested only."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/dsa/mv88e6xxx/chip.c"], "versions": [{"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89", "lessThan": "47d28dde172696031c880c5778633cdca30394ee", "status": "affected", "versionType": "git"}, {"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89", "lessThan": "3bf8d70e1455f87856640c3433b3660a31001618", "status": "affected", "versionType": "git"}, {"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89", "lessThan": "2a2fe25a103cef73cde356e6d09da10f607e93f5", "status": "affected", "versionType": "git"}, {"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89", "lessThan": "8c2c3cca816d074c75a2801d1ca0dea7b0148114", "status": "affected", "versionType": "git"}, {"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89", "lessThan": "aa03f591ef31ba603a4a99d05d25a0f21ab1cd89", "status": "affected", "versionType": "git"}, {"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89", "lessThan": "3f25b5f1635449036692a44b771f39f772190c1d", "status": "affected", "versionType": "git"}, {"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89", "lessThan": "f75625db838ade28f032dacd0f0c8baca42ecde4", "status": "affected", "versionType": "git"}, {"version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89", "lessThan": "4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/dsa/mv88e6xxx/chip.c"], "versions": [{"version": "4.11", "status": "affected"}, {"version": "0", "lessThan": "4.11", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.318", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.280", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.222", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.163", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.98", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.39", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.9", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "4.19.318"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "5.4.280"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "5.10.222"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "5.15.163"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "6.1.98"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "6.6.39"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "6.9.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee"}, {"url": "https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618"}, {"url": "https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5"}, {"url": "https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114"}, {"url": "https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89"}, {"url": "https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d"}, {"url": "https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4"}, {"url": "https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b"}], "title": "net: dsa: mv88e6xxx: Correct check for empty list", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T22:02:27.444Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42224", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:14:41.449489Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:33.427Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T22:02:27.444Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42224", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:14:41.449489Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:24.436Z"}}], "cna": {"title": "net: dsa: mv88e6xxx: Correct check for empty list", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89", "lessThan": "47d28dde172696031c880c5778633cdca30394ee", "versionType": "git"}, {"status": "affected", "version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89", "lessThan": "3bf8d70e1455f87856640c3433b3660a31001618", "versionType": "git"}, {"status": "affected", "version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89", "lessThan": "2a2fe25a103cef73cde356e6d09da10f607e93f5", "versionType": "git"}, {"status": "affected", "version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89", "lessThan": "8c2c3cca816d074c75a2801d1ca0dea7b0148114", "versionType": "git"}, {"status": "affected", "version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89", "lessThan": "aa03f591ef31ba603a4a99d05d25a0f21ab1cd89", "versionType": "git"}, {"status": "affected", "version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89", "lessThan": "3f25b5f1635449036692a44b771f39f772190c1d", "versionType": "git"}, {"status": "affected", "version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89", "lessThan": "f75625db838ade28f032dacd0f0c8baca42ecde4", "versionType": "git"}, {"status": "affected", "version": "a3c53be55c955b7150cda17874c3fcb4eeb97a89", "lessThan": "4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b", "versionType": "git"}], "programFiles": ["drivers/net/dsa/mv88e6xxx/chip.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.11"}, {"status": "unaffected", "version": "0", "lessThan": "4.11", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.318", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.280", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.222", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.163", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.98", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.39", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.9", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/dsa/mv88e6xxx/chip.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee"}, {"url": "https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618"}, {"url": "https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5"}, {"url": "https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114"}, {"url": "https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89"}, {"url": "https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d"}, {"url": "https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4"}, {"url": "https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Correct check for empty list\n\nSince commit a3c53be55c95 (\"net: dsa: mv88e6xxx: Support multiple MDIO\nbusses\") mv88e6xxx_default_mdio_bus() has checked that the\nreturn value of list_first_entry() is non-NULL.\n\nThis appears to be intended to guard against the list chip->mdios being\nempty. However, it is not the correct check as the implementation of\nlist_first_entry is not designed to return NULL for empty lists.\n\nInstead, use list_first_entry_or_null() which does return NULL if the\nlist is empty.\n\nFlagged by Smatch.\nCompile tested only."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.19.318", "versionStartIncluding": "4.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.280", "versionStartIncluding": "4.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.222", "versionStartIncluding": "4.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.163", "versionStartIncluding": "4.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.98", "versionStartIncluding": "4.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.39", "versionStartIncluding": "4.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9.9", "versionStartIncluding": "4.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10", "versionStartIncluding": "4.11"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-21T09:13:05.119Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42224", "state": "PUBLISHED", "dateUpdated": "2025-11-03T22:02:27.444Z", "dateReserved": "2024-07-30T07:40:12.250Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-30T07:47:05.608Z", "assignerShortName": "Linux"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A3C53C3-830D-4A66-871C-483295DC5F51", "versionEndExcluding": "4.19.318", "versionStartIncluding": "4.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "625DBFAB-C3D0-4309-A27F-12D6428FB38F", "versionEndExcluding": "5.4.280", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "00696AC5-EE29-437F-97F9-C4D66608B327", "versionEndExcluding": "5.10.222", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A97DEB09-4927-40F8-B5C6-F5BD5EAE0CFD", "versionEndExcluding": "5.15.163", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E09E92A5-27EF-40E4-926A-B1CDC8270551", "versionEndExcluding": "6.1.98", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "29E894E4-668F-4DB0-81F7-4FB5F698E970", "versionEndExcluding": "6.6.39", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085", "versionEndExcluding": "6.9.9", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Correct check for empty list\n\nSince commit a3c53be55c95 (\"net: dsa: mv88e6xxx: Support multiple MDIO\nbusses\") mv88e6xxx_default_mdio_bus() has checked that the\nreturn value of list_first_entry() is non-NULL.\n\nThis appears to be intended to guard against the list chip->mdios being\nempty. However, it is not the correct check as the implementation of\nlist_first_entry is not designed to return NULL for empty lists.\n\nInstead, use list_first_entry_or_null() which does return NULL if the\nlist is empty.\n\nFlagged by Smatch.\nCompile tested only."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: dsa: mv88e6xxx: Verificaci\u00f3n correcta de lista vac\u00eda Desde la confirmaci\u00f3n a3c53be55c95 (\"net: dsa: mv88e6xxx: Soporta m\u00faltiples buses MDIO\") mv88e6xxx_default_mdio_bus() ha verificado que el valor de retorno de list_first_entry() no es NULL. Esto parece tener como objetivo proteger contra la lista chip->mdios que est\u00e9 vac\u00eda. Sin embargo, no es la comprobaci\u00f3n correcta ya que la implementaci\u00f3n de list_first_entry no est\u00e1 dise\u00f1ada para devolver NULL para listas vac\u00edas. En su lugar, utilice list_first_entry_or_null() que devuelve NULL si la lista est\u00e1 vac\u00eda. Marcado por Smatch. Compilaci\u00f3n probada \u00fanicamente."}], "id": "CVE-2024-42224", "lastModified": "2025-11-03T22:17:44.553", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-30T08:15:07.667", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net: dsa: mv88e6xxx: Correct check for empty list", "id": "2301542", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301542"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: dsa: mv88e6xxx: Correct check for empty list\nSince commit a3c53be55c95 (\"net: dsa: mv88e6xxx: Support multiple MDIO\nbusses\") mv88e6xxx_default_mdio_bus() has checked that the\nreturn value of list_first_entry() is non-NULL.\nThis appears to be intended to guard against the list chip->mdios being\nempty. However, it is not the correct check as the implementation of\nlist_first_entry is not designed to return NULL for empty lists.\nInstead, use list_first_entry_or_null() which does return NULL if the\nlist is empty.\nFlagged by Smatch.\nCompile tested only.", "A vulnerability was found in the Linux kernel's mv88e6xxx driver in the mv88e6xxx_default_mdio_bus() function, where an improper check for an empty linked list could lead to dereferencing a potentially invalid pointer. This issue could lead to memory corruption or crashes."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-42224", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42224\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42224\nhttps://lore.kernel.org/linux-cve-announce/2024073037-CVE-2024-42224-863a@gregkh/T"], "statement": "Red Hat believes this flaw to be of Moderate severity because this flaw primarily impacts an Ethernet switch driver, which operates at the network interface level, handling network data packets. As such, successful exploitation of this vulnerability could result in memory leakage but it would likely not contain sensitive data. A crash could impact the integrity of the system, but would most likely impact the integrity of the data flow within the network.", "threat_severity": "Moderate"}

{}