{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42139", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.189Z", "datePublished": "2024-07-30T07:46:33.401Z", "dateUpdated": "2024-12-19T09:13:53.348Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:13:53.348Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper extts handling\n\nExtts events are disabled and enabled by the application ts2phc.\nHowever, in case where the driver is removed when the application is\nrunning, a specific extts event remains enabled and can cause a kernel\ncrash.\nAs a side effect, when the driver is reloaded and application is started\nagain, remaining extts event for the channel from a previous run will\nkeep firing and the message \"extts on unexpected channel\" might be\nprinted to the user.\n\nTo avoid that, extts events shall be disabled when PTP is released."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/ice/ice_ptp.c", "drivers/net/ethernet/intel/ice/ice_ptp.h"], "versions": [{"version": "172db5f91d5f7b91670c68a7547798b0b5374158", "lessThan": "9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3", "status": "affected", "versionType": "git"}, {"version": "172db5f91d5f7b91670c68a7547798b0b5374158", "lessThan": "00d3b4f54582d4e4a02cda5886bb336eeab268cc", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/ice/ice_ptp.c", "drivers/net/ethernet/intel/ice/ice_ptp.h"], "versions": [{"version": "5.14", "status": "affected"}, {"version": "0", "lessThan": "5.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.9", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3"}, {"url": "https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc"}], "title": "ice: Fix improper extts handling", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.564Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42139", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:15:59.830923Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:35.575Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.564Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42139", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:15:59.830923Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:24.648Z"}}], "cna": {"title": "ice: Fix improper extts handling", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "172db5f91d5f", "lessThan": "9f69b31ae9e2", "versionType": "git"}, {"status": "affected", "version": "172db5f91d5f", "lessThan": "00d3b4f54582", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/intel/ice/ice_ptp.c", "drivers/net/ethernet/intel/ice/ice_ptp.h"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.14"}, {"status": "unaffected", "version": "0", "lessThan": "5.14", "versionType": "semver"}, {"status": "unaffected", "version": "6.9.9", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/intel/ice/ice_ptp.c", "drivers/net/ethernet/intel/ice/ice_ptp.h"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3"}, {"url": "https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper extts handling\n\nExtts events are disabled and enabled by the application ts2phc.\nHowever, in case where the driver is removed when the application is\nrunning, a specific extts event remains enabled and can cause a kernel\ncrash.\nAs a side effect, when the driver is reloaded and application is started\nagain, remaining extts event for the channel from a previous run will\nkeep firing and the message \"extts on unexpected channel\" might be\nprinted to the user.\n\nTo avoid that, extts events shall be disabled when PTP is released."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:38:09.244Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42139", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:38:09.244Z", "dateReserved": "2024-07-29T15:50:41.189Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-30T07:46:33.401Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CAC77E6-2424-4ED8-97EC-A0FC7881A134", "versionEndExcluding": "6.9.9", "versionStartIncluding": "5.14", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*", "matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*", "matchCriteriaId": "BD973AA4-A789-49BD-8D57-B2846935D3C7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*", "matchCriteriaId": "8F3E9E0C-AC3E-4967-AF80-6483E8AB0078", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper extts handling\n\nExtts events are disabled and enabled by the application ts2phc.\nHowever, in case where the driver is removed when the application is\nrunning, a specific extts event remains enabled and can cause a kernel\ncrash.\nAs a side effect, when the driver is reloaded and application is started\nagain, remaining extts event for the channel from a previous run will\nkeep firing and the message \"extts on unexpected channel\" might be\nprinted to the user.\n\nTo avoid that, extts events shall be disabled when PTP is released."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: corrige el manejo incorrecto de extts. Los eventos extts est\u00e1n deshabilitados y habilitados por la aplicaci\u00f3n ts2phc. Sin embargo, en caso de que se elimine el controlador cuando la aplicaci\u00f3n se est\u00e1 ejecutando, un evento extts espec\u00edfico permanece habilitado y puede provocar un fallo del kernel. Como efecto secundario, cuando se recarga el controlador y se inicia nuevamente la aplicaci\u00f3n, el evento de extts restante para el canal de una ejecuci\u00f3n anterior seguir\u00e1 activando y es posible que se imprima al usuario el mensaje \"extts en un canal inesperado\". Para evitar eso, los eventos extts se desactivar\u00e1n cuando se libere PTP."}], "id": "CVE-2024-42139", "lastModified": "2024-12-11T15:13:24.877", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-30T08:15:05.757", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7004", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.85.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:7005", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.85.1.rt14.370.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-09-24T00:00:00Z"}], "bugzilla": {"description": "kernel: ice: Fix improper extts handling", "id": "2301504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301504"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nice: Fix improper extts handling\nExtts events are disabled and enabled by the application ts2phc.\nHowever, in case where the driver is removed when the application is\nrunning, a specific extts event remains enabled and can cause a kernel\ncrash.\nAs a side effect, when the driver is reloaded and application is started\nagain, remaining extts event for the channel from a previous run will\nkeep firing and the message \"extts on unexpected channel\" might be\nprinted to the user.\nTo avoid that, extts events shall be disabled when PTP is released."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-42139", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42139\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42139\nhttps://lore.kernel.org/linux-cve-announce/2024073030-CVE-2024-42139-f8ef@gregkh/T"], "threat_severity": "Moderate"}