Access of Uninitialized Pointer Affecting kernel-cross-headers package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL8-KERNELCROSSHEADERS-7596381
- published 5 Aug 2024
- disclosed 30 Jul 2024
Introduced: 30 Jul 2024
CVE-2024-42116 Open this link in a new tabHow to fix?
There is no fixed version for RHEL:8
kernel-cross-headers
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-cross-headers
package and not the kernel-cross-headers
package as distributed by RHEL
.
See How to fix?
for RHEL:8
relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
igc: fix a log entry using uninitialized netdev
During successful probe, igc logs this:
[ 5.133667] igc 0000:01:00.0 (unnamed net_device) (uninitialized): PHC added ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The reason is that igc_ptp_init() is called very early, even before register_netdev() has been called. So the netdev_info() call works on a partially uninitialized netdev.
Fix this by calling igc_ptp_init() after register_netdev(), right after the media autosense check, just as in igb. Add a comment, just as in igb.
Now the log message is fine:
[ 5.200987] igc 0000:01:00.0 eth0: PHC added
References
- https://access.redhat.com/security/cve/CVE-2024-42116
- https://git.kernel.org/stable/c/86167183a17e03ec77198897975e9fdfbd53cb0b
- https://git.kernel.org/stable/c/96839f3f588236593de36465f142b0126267f8b6
- https://git.kernel.org/stable/c/98c8958980e829f023a490b9a9816ca1fe2f8b79
- https://git.kernel.org/stable/c/991f036cabc3d13e886a37faeea1b6800181fdda
- https://git.kernel.org/stable/c/d478ec838cf2b1e1051a8709cfc744fe1c03110f