Description

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Set phy->enable_completion only when we wait for it pm8001_phy_control() populates the enable_completion pointer with a stack address, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and returns. The problem arises when a phy control response comes late. After 300 ms the pm8001_phy_control() function returns and the passed enable_completion stack address is no longer valid. Late phy control response invokes complete() on a dangling enable_completion pointer which leads to a kernel crash.

INFO

Published Date :

2024-10-09T14:13:58.849Z

Last Modified :

2026-01-05T10:53:49.051Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-47666 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-47666.

URL Resource
https://git.kernel.org/stable/c/7b1d779647afaea9185fa2f150b1721e7c1aae89 cve-icon cve-icon
https://git.kernel.org/stable/c/a5d954802bda1aabcba49633cd94bad91c94113f cve-icon cve-icon
https://git.kernel.org/stable/c/ddc501f4130f4baa787cb6cfa309af697179f475 cve-icon cve-icon
https://git.kernel.org/stable/c/e23ee0cc5bded07e700553aecc333bb20c768546 cve-icon cve-icon
https://git.kernel.org/stable/c/e4f949ef1516c0d74745ee54a0f4882c1f6c7aea cve-icon cve-icon
https://git.kernel.org/stable/c/f14d3e1aa613311c744af32d75125e95fc8ffb84 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47666-0015@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-47666 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-47666 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact