CVE-2024-27047

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-27047
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27047.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-27047
Downstream
Related
Published
2024-05-01T12:54:25.156Z
Modified
2026-03-23T05:12:03.304886458Z
Summary
net: phy: fix phy_get_internal_delay accessing an empty array
Details

In the Linux kernel, the following vulnerability has been resolved:

net: phy: fix phygetinternal_delay accessing an empty array

The phygetinternaldelay function could try to access to an empty array in the case that the driver is calling phygetinternaldelay without defining delay_values and rx-internal-delay-ps or tx-internal-delay-ps is defined to 0 in the device-tree. This will lead to "unable to handle kernel NULL pointer dereference at virtual address 0". To avoid this kernel oops, the test should be delay

= 0. As there is already delay < 0 test just before, the test could only be size == 0.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27047.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
92252eec913b2dd5e7b5de11ea3efa2e64d65cf4
Fixed
06dd21045a7e8bc8701b0ebedcd9a30a6325878b
Fixed
0e939a002c8a7d66e60bd0ea6b281fb39d713c1a
Fixed
2a2ff709511617de9c6c072eeee82bcbbdfecaf8
Fixed
589ec16174dd9378953b8232ae76fad0a96e1563
Fixed
c0691de7df1d51482a52cac93b7fe82fd9dd296b
Fixed
0307cf443308ecc6be9b2ca312bb31bae5e5a7ad
Fixed
4469c0c5b14a0919f5965c7ceac96b523eb57b79

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27047.json"