CVE-2024-50023

{"id": "CVE-2024-50023", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-10-21T20:15:15.763", "references": [{"url": "https://git.kernel.org/stable/c/143ffa7878e2d9d9c3836ee8304ce4930f7852a3", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f50b5d74c68e551667e265123659b187a30fe3a5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fba363f4d244269a0ba7abb8df953a244c6749af", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: Remove LED entry from LEDs list on unregister\n\nCommit c938ab4da0eb (\"net: phy: Manual remove LEDs to ensure correct\nordering\") correctly fixed a problem with using devm_ but missed\nremoving the LED entry from the LEDs list.\n\nThis cause kernel panic on specific scenario where the port for the PHY\nis torn down and up and the kmod for the PHY is removed.\n\nOn setting the port down the first time, the assosiacted LEDs are\ncorrectly unregistered. The associated kmod for the PHY is now removed.\nThe kmod is now added again and the port is now put up, the associated LED\nare registered again.\nOn putting the port down again for the second time after these step, the\nLED list now have 4 elements. With the first 2 already unregistered\npreviously and the 2 new one registered again.\n\nThis cause a kernel panic as the first 2 element should have been\nremoved.\n\nFix this by correctly removing the element when LED is unregistered."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: phy: Eliminar la entrada LED de la lista de LED al anular el registro El commit c938ab4da0eb (\"net: phy: Eliminar manualmente los LED para garantizar el orden correcto\") corrigi\u00f3 correctamente un problema con el uso de devm_ pero no elimin\u00f3 la entrada LED de la lista de LED. Esto causa p\u00e1nico del kernel en un escenario espec\u00edfico donde el puerto para el PHY se desactiva y activa y se elimina el kmod para el PHY. Al desactivar el puerto la primera vez, los LED asociados se anulan correctamente el registro. El kmod asociado para el PHY ahora se elimina. El kmod ahora se agrega nuevamente y el puerto ahora se activa, los LED asociados se registran nuevamente. Al desactivar el puerto nuevamente por segunda vez despu\u00e9s de estos pasos, la lista de LED ahora tiene 4 elementos. Con los primeros 2 ya anulados previamente y los 2 nuevos registrados nuevamente. Esto causa un p\u00e1nico del kernel ya que los primeros 2 elementos deber\u00edan haberse eliminado. Arregle esto eliminando correctamente el elemento cuando el LED no est\u00e1 registrado."}], "lastModified": "2024-10-25T15:07:10.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A04D6BA8-90D7-4CEF-832D-EBB8568FB0E2", "versionEndExcluding": "6.6.57", "versionStartIncluding": "6.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA84D336-CE9A-4535-B901-1AD77EC17C34", "versionEndExcluding": "6.11.4", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}