of/irq: Prevent device address out-of-bounds read in interrupt map walk
CVE-2024-46743
What is CVE-2024-46743?
This vulnerability in the Linux kernel arises when of_irq_parse_raw() is called with a device address that is smaller than the address size the interrupt parent node declares through its #address-cells property. The Kernel Address Sanitizer (KASAN) detects an out-of-bounds read while the initial match table is being populated, potentially leading to unauthorized access to memory. The issue carries a significant risk of exploitation and exposes a gap in memory handling at the level of interrupt mapping. To mitigate this vulnerability, it is essential to implement proper memory size checks and copy the device address into adequately sized buffers.
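
The pattern described above, as an added user-space C model (not the kernel's own code and not from the original page): fill_match_unchecked reads as many cells as the parent's #address-cells demands, while fill_match_checked first copies the device address into a zeroed buffer of sufficient size. All function names, MAX_ADDR_CELLS and the sample values are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_ADDR_CELLS 3 /* assumed cap on the parent's #address-cells in this model */

/* Vulnerable pattern: reads parent_cells cells from addr even when the device
 * address holds fewer. Only safe if addr has at least parent_cells cells. */
static void fill_match_unchecked(uint32_t *match, const uint32_t *addr,
                                 size_t parent_cells)
{
    for (size_t i = 0; i < parent_cells; i++)
        match[i] = addr ? addr[i] : 0;
}

/* Hardened pattern: copy only the cells the device really has into a zeroed
 * buffer sized for the largest supported parent address, then walk that. */
static int fill_match_checked(uint32_t *match, const uint32_t *addr,
                              size_t dev_cells, size_t parent_cells)
{
    uint32_t buf[MAX_ADDR_CELLS] = { 0 };
    if (parent_cells > MAX_ADDR_CELLS)
        return -1;                       /* refuse sizes the buffer cannot hold */
    if (dev_cells > MAX_ADDR_CELLS)
        dev_cells = MAX_ADDR_CELLS;      /* clamp an oversized device address */
    if (addr)
        memcpy(buf, addr, dev_cells * sizeof(buf[0]));
    fill_match_unchecked(match, buf, parent_cells);
    return 0;
}

/* Constructed case: a 1-cell device address with unrelated data right after it.
 * Returns how many neighbouring cells reached the match table, -1 on error. */
static int leaked_cells(size_t parent_cells)
{
    struct { uint32_t reg[1]; uint32_t neighbour[2]; } blob =
        { { 0x1000 }, { 0xdeadbeef, 0xcafef00d } };
    uint32_t match[MAX_ADDR_CELLS] = { 0 };
    int leaked = 0;

    if (fill_match_checked(match, blob.reg, 1, parent_cells) != 0)
        return -1;
    for (size_t i = 1; i < parent_cells; i++)
        leaked += (match[i] != 0);       /* padding cells must stay zero */
    return (match[0] == 0x1000) ? leaked : -1;
}

int main(void) { return leaked_cells(3) != 0; }
```

Calling fill_match_unchecked directly on blob.reg with a 3-cell parent would copy the two neighbouring words into the match table, which is the read KASAN reports.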

Affected Version(s)
Linux cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08
Linux cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08 < 9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5