Out-of-bounds read in Linux kernel of driver



Published: 2024-09-18
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-46743
CWE-ID CWE-125
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Out-of-bounds read

EUVDB-ID: #VU97503

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46743

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the of_irq_parse_one() function in drivers/of/irq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

CPE2.3
External links

http://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8
http://git.kernel.org/stable/c/defcaa426ba0bc89ffdafb799d2e50b52f74ffc4
http://git.kernel.org/stable/c/9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5
http://git.kernel.org/stable/c/baaf26723beab3a04da578d3008be3544f83758f
http://git.kernel.org/stable/c/8ff351ea12e918db1373b915c4c268815929cbe5
http://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d
http://git.kernel.org/stable/c/bf68acd840b6a5bfd3777e0d5aaa204db6b461a9
http://git.kernel.org/stable/c/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###