CVE-2024-26942

Published: May 1, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: net: phy: qcom: at803x: fix kernel panic with at8031_probe On reworking and splitting the at803x driver, in splitting function of at803x PHYs it was added a NULL dereference bug where priv is referenced before it's actually allocated and then is tried to write to for the is_1000basex and is_fiber variables in the case of at8031, writing on the wrong address. Fix this by correctly setting priv local variable only after at803x_probe is called and actually allocates priv in the phydev struct.

Vendor	Product	Versions
Linux	Linux	affected `25d2ba94005fac18fe68878cddff59a67e115554 - < a8a296ad9957b845b89bcf48be1cf8c74875ecc3` affected `25d2ba94005fac18fe68878cddff59a67e115554 - < 6a4aee277740d04ac0fd54cfa17cc28261932ddc`
Linux	Linux	affected `6.8` unaffected `0 - < 6.8` unaffected `6.8.3 - <= 6.8.` unaffected `6.9 - <= `

References

https://git.kernel.org/stable/c/a8a296ad9957b845b89bcf48be1cf8c74875ecc3

https://git.kernel.org/stable/c/6a4aee277740d04ac0fd54cfa17cc28261932ddc

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-26942

Description

Affected Products

References