CVE-2024-56728: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c
First published: Sun Dec 29 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c Add error pointer check after calling otx2_mbox_get_rsp().
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=5.7<5.10.231 | |
| Linux Kernel | >=5.11<5.15.174 | |
| Linux Kernel | >=5.16<6.1.120 | |
| Linux Kernel | >=6.2<6.6.64 | |
| Linux Kernel | >=6.7<6.11.11 | |
| Linux Kernel | >=6.12<6.12.2 | |
| debian/linux | <=5.10.223-1 | 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
| debian/linux-6.1 | 6.1.129-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/5ff9de1f2712cbca53da2e37d831eea7ffcb43b6
- https://git.kernel.org/stable/c/55c41b97001a09bb490ffa2e667e251d75d15ab1
- https://git.kernel.org/stable/c/05a6ce174c0c724e5914e1e5efd826bab8f382b4
- https://git.kernel.org/stable/c/c0f64fd73b60aee85f88c270c9d714ead27a7b7a
- https://git.kernel.org/stable/c/6cda142cee032b8fe65ee11f78721721c3988feb
- https://git.kernel.org/stable/c/2db2194727b1f49a5096c1c3981adef1b7638733
- https://git.kernel.org/stable/c/e26f8eac6bb20b20fdb8f7dc695711ebce4c7c5c
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56728
- https://nvd.nist.gov/vuln/detail/CVE-2024-56728
- https://launchpad.net/bugs/cve/CVE-2024-56728
- https://security-tracker.debian.org/tracker/CVE-2024-56728
- https://ubuntu.com/security/CVE-2024-56728
- https://git.kernel.org/linus/e26f8eac6bb20b20fdb8f7dc695711ebce4c7c5c
Frequently Asked Questions
What is the severity of CVE-2024-56728?
CVE-2024-56728 has a medium severity rating due to the potential for exploitation if not properly addressed.
How do I fix CVE-2024-56728?
To fix CVE-2024-56728, update your Linux kernel to a version later than 5.10.231, 5.15.174, 6.1.120, 6.6.64, 6.11.11, or 6.12.2 depending on your current version.
Which versions of the Linux kernel are affected by CVE-2024-56728?
CVE-2024-56728 affects Linux kernel versions between 5.7 and 5.10.231, 5.11 and 5.15.174, 5.16 and 6.1.120, 6.2 and 6.6.64, 6.7 and 6.11.11, and 6.12 and 6.12.2.
What is the nature of the vulnerability CVE-2024-56728?
CVE-2024-56728 is a vulnerability in the Linux kernel related to improper error handling in otx2_ethtool.c when communicating with the otx2 mailbox.
Can CVE-2024-56728 be exploited remotely?
CVE-2024-56728 could potentially be exploited if an attacker can interact with the affected kernel modules, making proper updates essential.
- agent/title
- agent/first-publish-date
- agent/type
- agent/author
- agent/remedy
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/references
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-cve
- agent/tags
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/launchpad-cve
- source/Launchpad
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.7
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.12
- package-manager/debian