Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:mlxsw: spectrum: Protect driver from buggy firmwareWhen processing port up/down events generated by the device's firmware,the driver protects itself from events reported for non-existent localports, but not the CPU port (local port 0), which exists, but lacks anetdev.This can result in a NULL pointer dereference when callingnetif_carrier_{on,off}().Fix this by bailing early when processing an event reported for the CPUport. Problem was only observed when running on top of a buggy emulator.
No PoCs from references.
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/fkie-cad/nvd-json-data-feeds