Описание
In the Linux kernel, the following vulnerability has been resolved:
igc: fix a log entry using uninitialized netdev
During successful probe, igc logs this:
[ 5.133667] igc 0000:01:00.0 (unnamed net_device) (uninitialized): PHC added ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The reason is that igc_ptp_init() is called very early, even before register_netdev() has been called. So the netdev_info() call works on a partially uninitialized netdev.
Fix this by calling igc_ptp_init() after register_netdev(), right after the media autosense check, just as in igb. Add a comment, just as in igb.
Now the log message is fine:
[ 5.200987] igc 0000:01:00.0 eth0: PHC added
In the Linux kernel, the following vulnerability has been resolved:
igc: fix a log entry using uninitialized netdev
During successful probe, igc logs this:
[ 5.133667] igc 0000:01:00.0 (unnamed net_device) (uninitialized): PHC added ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The reason is that igc_ptp_init() is called very early, even before register_netdev() has been called. So the netdev_info() call works on a partially uninitialized netdev.
Fix this by calling igc_ptp_init() after register_netdev(), right after the media autosense check, just as in igb. Add a comment, just as in igb.
Now the log message is fine:
[ 5.200987] igc 0000:01:00.0 eth0: PHC added
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-42116
- https://git.kernel.org/stable/c/86167183a17e03ec77198897975e9fdfbd53cb0b
- https://git.kernel.org/stable/c/96839f3f588236593de36465f142b0126267f8b6
- https://git.kernel.org/stable/c/98c8958980e829f023a490b9a9816ca1fe2f8b79
- https://git.kernel.org/stable/c/991f036cabc3d13e886a37faeea1b6800181fdda
- https://git.kernel.org/stable/c/d478ec838cf2b1e1051a8709cfc744fe1c03110f
CVE ID
Связанные уязвимости
A vulnerability was found in the igc_probe() function in the Linux kernel's igc driver, where an uninitialized netdev is logged during the probe process. This occurs because the igc_ptp_init() function is called before the netdev() register is called, resulting in a misleading log entry.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
ELSA-2024-12618: Unbreakable Enterprise kernel security update (IMPORTANT)