Out-of-bounds read in Linux kernel of driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-46743 |
| CWE-ID | CWE-125 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Out-of-bounds read
EUVDB-ID: #VU97503
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46743
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the of_irq_parse_one() function in drivers/of/irq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.19 - 6.10.9
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.19:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.8:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.9:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8
https://git.kernel.org/stable/c/defcaa426ba0bc89ffdafb799d2e50b52f74ffc4
https://git.kernel.org/stable/c/9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5
https://git.kernel.org/stable/c/baaf26723beab3a04da578d3008be3544f83758f
https://git.kernel.org/stable/c/8ff351ea12e918db1373b915c4c268815929cbe5
https://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d
https://git.kernel.org/stable/c/bf68acd840b6a5bfd3777e0d5aaa204db6b461a9
https://git.kernel.org/stable/c/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.322
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.226
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.167
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.284
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.110
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.10
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.51
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
