Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2024-27063

Disclosure Date: May 01, 2024 •

CVE-2024-27063

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

leds: trigger: netdev: Fix kernel panic on interface rename trig notify

Commit d5e01266e7f5 (“leds: trigger: netdev: add additional specific link
speed mode”) in the various changes, reworked the way to set the LINKUP
mode in commit cee4bd16c319 (“leds: trigger: netdev: Recheck
NETDEV_LED_MODE_LINKUP on dev rename”) and moved it to a generic function.

This changed the logic where, in the previous implementation the dev
from the trigger event was used to check if the carrier was ok, but in
the new implementation with the generic function, the dev in
trigger_data is used instead.

This is problematic and cause a possible kernel panic due to the fact
that the dev in the trigger_data still reference the old one as the
new one (passed from the trigger event) still has to be hold and saved
in the trigger_data struct (done in the NETDEV_REGISTER case).

On calling of get_device_state(), an invalid net_dev is used and this
cause a kernel panic.

To handle this correctly, move the call to get_device_state() after the
new net_dev is correctly set in trigger_data (in the NETDEV_REGISTER
case) and correctly parse the new dev.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

Linux

Products

Linux

References

Canonical

CVE-2024-27063 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27063)

Miscellaneous

https://git.kernel.org/stable/c/10f2af1af8ab8a7064f193446abd5579d3def7e3

https://git.kernel.org/stable/c/acd025c7a7d151261533016a6ca2d38f2de04e87

https://git.kernel.org/stable/c/3f360227cb46edb2cd2494128e1e06ed5768a62e

https://git.kernel.org/stable/c/415798bc07dd1c1ae3a656aa026580816e0b9fe8

Rapid7

Unknown

CVE-2024-27063

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-27063

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-27063

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-27063

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification