Thunderbolt Vulnerability Fix in Linux Kernel
CVE-2024-50227

7.1 HIGH

Key Information:

Vendor: Linux
CVE Published: 9 November 2024

What is CVE-2024-50227?

A vulnerability has been identified in the Thunderbolt implementation of the Linux kernel, specifically in the tb_retimer_scan function. The flaw is a stack out-of-bounds read caused by an incorrect loop variable increment, which results in reading past the end of the declared stack array. The issue shows up in Kernel Address Sanitizer (KASAN) reports, which indicate a read at an invalid memory address. The vulnerability could potentially allow unauthorized access to memory, thereby impacting the overall security posture of affected systems. It has been addressed by modifying the loop logic so that the index is assigned directly within the loop body.
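The bug class described above, as an added example: this is a simplified model, not the kernel's tb_retimer_scan code. `MAX_INDEX`, the probe functions and all other names are hypothetical, and the out-of-bounds accesses are counted rather than performed.

```c
#include <stdio.h>

#define MAX_INDEX 6              /* constructed limit, not the kernel's constant */
#define NSLOTS (MAX_INDEX + 1)   /* stack array sized for indices 0..MAX_INDEX */

typedef int (*probe_fn)(int idx);   /* hypothetical probe: <0 means "stop scanning" */

int probe_all_ok(int idx) { (void)idx; return 0; }
int probe_stops_at_3(int idx) { return idx >= 3 ? -1 : 0; }

/* Flawed pattern: the loop counter doubles as "highest valid index". */
int highest_index_flawed(probe_fn probe)
{
    int max;
    for (max = 1; max <= MAX_INDEX; max++)
        if (probe(max) < 0)
            break;
    return max;   /* MAX_INDEX + 1 when every probe succeeds */
}

/* Corrected pattern: the index is recorded inside the loop body. */
int highest_index_fixed(probe_fn probe)
{
    int i, max = 0;
    for (i = 1; i <= MAX_INDEX; i++) {
        if (probe(i) < 0)
            break;
        max = i;  /* only indices that were actually probed successfully */
    }
    return max;
}

/* Counts indices in 1..max that fall outside the array, without reading them. */
int reads_past_end(int max)
{
    int i, oob = 0;
    for (i = 1; i <= max; i++)
        if (i >= NSLOTS)
            oob++;
    return oob;
}

int main(void)
{
    int flawed = highest_index_flawed(probe_all_ok);
    int fixed = highest_index_fixed(probe_all_ok);
    printf("flawed: max=%d reads past end=%d\n", flawed, reads_past_end(flawed));
    printf("fixed:  max=%d reads past end=%d\n", fixed, reads_past_end(fixed));
    return 0;
}
```

A later loop that walks the array up to the returned index stays in bounds only with the corrected pattern; in a real kernel build the flawed case is what KASAN flags as a stack out-of-bounds read.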

Affected Version(s)

Linux ff6ab055e070d819f51196622e08f8941b6d2a4b < 08b2771e9270fbe1ed4fbbe93abe05ac7fe9861d

Linux ff6ab055e070d819f51196622e08f8941b6d2a4b

Linux 6.11

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
