CVE-2024-42107
ADVISORY - nistSummary
In the Linux kernel, the following vulnerability has been resolved:
ice: Don't process extts if PTP is disabled
The ice_ptp_extts_event() function can race with ice_ptp_release() and result in a NULL pointer dereference which leads to a kernel panic.
Panic occurs because the ice_ptp_extts_event() function calls ptp_clock_event() with a NULL pointer. The ice driver has already released the PTP clock by the time the interrupt for the next external timestamp event occurs.
To fix this, modify the ice_ptp_extts_event() function to check the PTP state and bail early if PTP is not ready.
EPSS Score: 0.00154 (0.049)
Common Weakness Enumeration (CWE)
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in