CVE-2024-46856: Linux Kernel Vulnerability Resolved in net: phy: dp83822 - Avoiding NULL Pointer Dereferences in DP83825 Devices

A vulnerability has been identified and resolved in the Linux kernel which affects the network PHY (Physical layer) driver for Texas Instruments devices DP83822, DP83825, and DP83826. This driver provides the necessary functions to work with these Ethernet PHY devices. The vulnerability could cause a NULL pointer dereference, leading to possible crashes or other unexpected behaviors. This post will explore the nature of this vulnerability, its potential impact, code snippets demonstrating the fix, and links to original references.

Details of Vulnerability

The issue exists in the probe() function, which is responsible for initializing the device and setting up private data structures. The probe() function is currently only implemented for the DP83822 and DP83826 models, leaving the private data pointer uninitialized for DP83825 devices. This uninitialized pointer leads to a NULL pointer dereference in the recently introduced or modified functions, dp8382x_config_init() and dp83822_set_wol().

To address this vulnerability, the fix adds a new function called dp8382x_probe(). This function ensures that every PHY model has a valid private data pointer, which eliminates the NULL pointer dereference and prevents similar issues in the future.
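
The failure mode and the shape of the fix can be modelled in userspace C. This is an added example, not kernel code and not code from the original post: every name in it (phy, priv, drv, shared_probe, config_init, bind_and_init) is hypothetical, and the model returns -2 at the point where the kernel would dereference the NULL private pointer.

```c
/* Userspace model of the bug; all names are hypothetical, not kernel code. */
#include <stdio.h>
#include <stdlib.h>
struct phy  { void *priv; };        /* stands in for the PHY device */
struct priv { int wol_enabled; };   /* stands in for the driver's private data */
struct drv {
    const char *name;
    int (*probe)(struct phy *);     /* NULL means binding skips the probe step */
};

static int shared_probe(struct phy *p) {
    p->priv = calloc(1, sizeof(struct priv));
    return p->priv ? 0 : -1;
}

static int config_init(struct phy *p) {
    struct priv *d = p->priv;
    if (!d) return -2;              /* the kernel would dereference NULL here */
    d->wol_enabled = 0;
    return 0;
}

/* Before: DP83825 has no probe callback. After: one probe for every model. */
static const struct drv before[] = {
    { "DP83822", shared_probe },
    { "DP83825", NULL },
    { "DP83826", shared_probe },
};
static const struct drv after[] = {
    { "DP83822", shared_probe },
    { "DP83825", shared_probe },
    { "DP83826", shared_probe },
};

/* Mimic binding: optional probe, then config_init; returns 0 on success. */
static int bind_and_init(const struct drv *d) {
    struct phy p = { NULL };
    int ret = d->probe ? d->probe(&p) : 0;
    if (!ret) ret = config_init(&p);
    free(p.priv);
    return ret;
}

int main(void) {
    for (int i = 0; i < 3; i++)
        printf("%s: before=%d after=%d\n", before[i].name,
               bind_and_init(&before[i]), bind_and_init(&after[i]));
    return 0;
}
```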

Code Snippet

The following code snippet shows the addition of the dp8382x_probe() function which fixes the NULL pointer dereference issue:

+static int dp8382x_probe(struct mdio_device *mdiodev)
+{
+    struct dp83822_priv *dp83822;
+
+    dp83822 = devm_kzalloc(&mdiodev->dev, sizeof(*dp83822), GFP_KERNEL);
+    if (!dp83822)
+        return -ENOMEM;
+
+    dp83822->dev = &mdiodev->dev;
+    dp83822->regmap = devm_regmap_init(&mdiodev->dev, NULL, dp83822, &dp83822_regmap_config);
+    if (IS_ERR(dp83822->regmap))
+        return PTR_ERR(dp83822->regmap);
+
+    return ;
+}
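
Review bot: the last statement of dp8382x_probe() is "return ;" with no value, although the function is declared "static int"; it should be "return 0;" so that a successful probe reports success. Separately, nothing in the visible lines stores the allocated dp83822 structure into the device's private data pointer, so as shown the function does not by itself give dp8382x_config_init() or dp83822_set_wol() a non-NULL pointer to read; the assignment that publishes the structure should happen in this function before the final return.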

This function allocates memory for the private data structure and initializes the regmap field. It also ensures that a valid private_data pointer is always initialized for all supported PHY models, eliminating the NULL dereference issue.

Patch fixing the vulnerability

- https://lkml.org/lkml/2021/11/22/639

Details about the affected devices

- TI DP83822: https://www.ti.com/product/DP83822
- TI DP83825: https://www.ti.com/product/DP83825
- TI DP83826: https://www.ti.com/product/DP83826

Exploit Details

As a result of this vulnerability, an attacker could potentially exploit the uninitialized private_data pointer in DP83825 devices, leading to kernel crashes and unexpected behavior. While there have been no reported exploits in the wild, it is essential that affected parties apply the patch to prevent future issues.

Conclusion

In conclusion, the Linux kernel vulnerability, CVE-2024-46856, which affects the network PHY drivers in Texas Instruments DP83822, DP83825, and DP83826 devices, has been effectively resolved. By implementing the dp8382x_probe() function, the uninitialized private_data pointer issue is eliminated, ensuring the stability and security of the affected Linux systems.

Timeline

Published on: 09/27/2024 13:15:17 UTC
Last modified on: 10/01/2024 16:04:54 UTC