CVE-2024-26587

CVE Details

Release Date:

2024-02-22

Description

In the Linux kernel, the following vulnerability has been resolved:\nnet: netdevsim: don't try to destroy PHC on VFs\nPHC gets initialized in nsim_init_netdevsim(), which\nis only called if (nsim_dev_port_is_pf()).\nCreate a counterpart of nsim_init_netdevsim() and\nmove the mock_phc_destroy() there.\nThis fixes a crash trying to destroy netdevsim with\nVFs instantiated, as caught by running the devlink.sh test:\nBUG: kernel NULL pointer dereference, address: 00000000000000b8\nRIP: 0010:mock_phc_destroy+0xd/0x30\nCall Trace:\n\nnsim_destroy+0x4a/0x70 [netdevsim]\n__nsim_dev_port_del+0x47/0x70 [netdevsim]\nnsim_dev_reload_destroy+0x105/0x120 [netdevsim]\nnsim_drv_remove+0x2f/0xb0 [netdevsim]\ndevice_release_driver_internal+0x1a1/0x210\nbus_remove_device+0xd5/0x120\ndevice_del+0x159/0x490\ndevice_unregister+0x12/0x30\ndel_device_store+0x11a/0x1a0 [netdevsim]\nkernfs_fop_write_iter+0x130/0x1d0\nvfs_write+0x30b/0x4b0\nksys_write+0x69/0xf0\ndo_syscall_64+0xcc/0x1e0\nentry_SYSCALL_64_after_hwframe+0x6f/0x77

See more information about CVE-2024-26587 from MITRE CVE dictionary and NIST NVD

CVSS Scoring

NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score:	4.7	CVSS Vector:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector:	Local network	Attack Complexity:	High
Privileges Required:	Low	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	None
Integrity Impact:	None	Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 8 (kernel-uek)	ELSA-2024-12682	2024-09-23
Oracle Linux version 9 (kernel-uek)	ELSA-2024-12682	2024-09-23