#VU97503 Out-of-bounds read in Linux kernel - CVE-2024-46743

Vulnerability identifier: #VU97503

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46743

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the of_irq_parse_one() function in drivers/of/irq.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8
https://git.kernel.org/stable/c/defcaa426ba0bc89ffdafb799d2e50b52f74ffc4
https://git.kernel.org/stable/c/9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5
https://git.kernel.org/stable/c/baaf26723beab3a04da578d3008be3544f83758f
https://git.kernel.org/stable/c/8ff351ea12e918db1373b915c4c268815929cbe5
https://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d
https://git.kernel.org/stable/c/bf68acd840b6a5bfd3777e0d5aaa204db6b461a9
https://git.kernel.org/stable/c/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.