CVE-2024-47666
Published: Oct 9, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

scsi: pm80xx: Set phy->enable_completion only when we wait for it

pm8001_phy_control() populates the enable_completion pointer with a stack address, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and returns. The problem arises when a phy control response comes late. After 300 ms the pm8001_phy_control() function returns and the passed enable_completion stack address is no longer valid. Late phy control response invokes complete() on a dangling enable_completion pointer which leads to a kernel crash.

| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 869ddbdcae3b4fb83b99889abae31544c149b210 - < ddc501f4130f4baa787cb6cfa309af697179f475; affected 869ddbdcae3b4fb83b99889abae31544c149b210 - < a5d954802bda1aabcba49633cd94bad91c94113f; affected 869ddbdcae3b4fb83b99889abae31544c149b210 - < e23ee0cc5bded07e700553aecc333bb20c768546; affected 869ddbdcae3b4fb83b99889abae31544c149b210 - < 7b1d779647afaea9185fa2f150b1721e7c1aae89; affected 869ddbdcae3b4fb83b99889abae31544c149b210 - < f14d3e1aa613311c744af32d75125e95fc8ffb84; +1 more versions |
| Linux | Linux | affected 4.15; unaffected 0 - < 4.15; unaffected 5.10.247 - <= 5.10.*; unaffected 5.15.197 - <= 5.15.*; unaffected 6.1.159 - <= 6.1.*; +3 more versions |