Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-46743 |
CWE-ID | CWE-125 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU97503
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46743
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the of_irq_parse_one() function in drivers/of/irq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3http://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8
http://git.kernel.org/stable/c/defcaa426ba0bc89ffdafb799d2e50b52f74ffc4
http://git.kernel.org/stable/c/9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5
http://git.kernel.org/stable/c/baaf26723beab3a04da578d3008be3544f83758f
http://git.kernel.org/stable/c/8ff351ea12e918db1373b915c4c268815929cbe5
http://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d
http://git.kernel.org/stable/c/bf68acd840b6a5bfd3777e0d5aaa204db6b461a9
http://git.kernel.org/stable/c/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.