CVE-2024-42107 in Linuxinfo

Summary

by MITRE • 07/30/2024

In the Linux kernel, the following vulnerability has been resolved:

ice: Don't process extts if PTP is disabled

The ice_ptp_extts_event() function can race with ice_ptp_release() and result in a NULL pointer dereference which leads to a kernel panic.

Panic occurs because the ice_ptp_extts_event() function calls ptp_clock_event() with a NULL pointer. The ice driver has already released the PTP clock by the time the interrupt for the next external timestamp event occurs.

To fix this, modify the ice_ptp_extts_event() function to check the PTP state and bail early if PTP is not ready.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 07/19/2025

The vulnerability identified as CVE-2024-42107 represents a critical race condition within the Intel Ethernet Connection (ice) driver for the Linux kernel that can lead to system instability and potential denial of service. This flaw exists in the handling of external timestamp events within the Precision Time Protocol (PTP) implementation, specifically affecting network interface cards that utilize the ice driver for high-precision timing operations. The issue manifests when the driver processes external timestamp events while simultaneously handling PTP clock release operations, creating a scenario where timing-sensitive operations can result in system crashes.

The technical root cause of this vulnerability lies in the improper synchronization between the ice_ptp_extts_event() function and the ice_ptp_release() function within the driver's PTP subsystem. When a PTP clock is released, the associated data structures are deallocated, but interrupt handlers may still attempt to process pending external timestamp events. The ice_ptp_extts_event() function invokes ptp_clock_event() with a NULL pointer reference, as the PTP clock structure has already been freed by the time the external timestamp interrupt occurs. This race condition creates a classic null pointer dereference scenario that results in immediate kernel panic and system termination.

The operational impact of this vulnerability extends beyond simple system crashes to potentially compromise network infrastructure reliability in environments where precise timing is critical. Systems utilizing Intel Ethernet adapters with PTP capabilities, particularly those in telecommunications, financial services, and industrial control environments, face significant risk from this flaw. The vulnerability can be triggered through normal network operations when PTP is enabled and external timestamp events occur during or immediately following PTP clock release operations. Attackers could potentially exploit this weakness to cause denial of service attacks against network infrastructure, disrupting time-sensitive applications and services that depend on reliable PTP functionality.

This vulnerability aligns with CWE-416, which addresses use after free conditions, and demonstrates characteristics consistent with ATT&CK technique T1499.004, which involves network disruption through system resource exhaustion or instability. The fix implemented for CVE-2024-42107 involves modifying the ice_ptp_extts_event() function to perform early state validation before processing external timestamp events. The solution requires checking the PTP state and returning immediately if PTP is not ready or has been released, preventing the null pointer dereference that leads to kernel panic. This defensive programming approach ensures that interrupt handlers only operate on valid data structures and prevents the race condition between PTP clock release and external timestamp event processing. The mitigation strategy represents a standard best practice for preventing use-after-free vulnerabilities in kernel space drivers and aligns with the broader security principle of validating all pointer references before dereferencing them in critical system components.

Responsible

Linux

Reservation

07/29/2024

Disclosure

07/30/2024

Moderation

accepted

CPE

ready

EPSS

0.00154

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!