CVE-2024-42107

ADVISORY - nist

Summary

In the Linux kernel, the following vulnerability has been resolved:

ice: Don't process extts if PTP is disabled

The ice_ptp_extts_event() function can race with ice_ptp_release() and result in a NULL pointer dereference which leads to a kernel panic.

Panic occurs because the ice_ptp_extts_event() function calls ptp_clock_event() with a NULL pointer. The ice driver has already released the PTP clock by the time the interrupt for the next external timestamp event occurs.

To fix this, modify the ice_ptp_extts_event() function to check the PTP state and bail early if PTP is not ready.

EPSS Score: 0.00154 (0.049)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Time-of-check Time-of-use (TOCTOU) Race Condition

NULL Pointer Dereference


Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in