Memory Corruption Fix in DP83869 PHY Driver
CVE-2024-50188

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 November 2024

What is CVE-2024-50188?

In the Linux kernel, the following vulnerability has been resolved:

net: phy: dp83869: fix memory corruption when enabling fiber

When configuring the fiber port, the DP83869 PHY driver incorrectly calls linkmode_set_bit() with a bit mask (1 << 10) rather than a bit number (10). This corrupts some other memory location -- in case of arm64 the priv pointer in the same structure.

Since the advertising flags are updated from supported at the end of the function the incorrect line isn't needed at all and can be removed.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux a29de52ba2a156873505d8b8cef44e69925b8114 < 21b5af7f0c99b3bf1fd02016e6708b613acbcaf4

Linux a29de52ba2a156873505d8b8cef44e69925b8114

References

https://git.kernel.org/stable/c/21b5af7f0c99b3bf1fd02016e...

https://git.kernel.org/stable/c/ad0d76b8ee5db063791cc2e7a...

https://git.kernel.org/stable/c/c1944b4253649fc6f2fb53e7d...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 8, 2024
Vulnerability Reserved
Oct 21, 2024

JSON

Linux

What is CVE-2024-50188?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.