CVE-2024-47666

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Oct 9, 2024

Updated: Oct 23, 2024

CWE ID 416

Summary

CVE-2024-47666 is a newly discovered vulnerability in the Linux kernel that affects the pm80xx driver. The issue lies in the function pm8001_phy_control(), where an enable_completion pointer is populated with a stack address and used to signal completion of a PHY reset operation. However, if a phy control response arrives after the function has returned, having waited only 300ms instead of the required time, the enable_completion pointer becomes dangling, leading to a kernel crash upon invocation of the complete() function. This vulnerability can potentially be exploited by an attacker with local access to trigger a kernel crash, resulting in a denial of service or potentially more severe consequences.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2024-47666

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations