CVE-2024-35924

Summary

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: ucsi: Limit read size on v1.2

Between UCSI 1.2 and UCSI 2.0, the size of the MESSAGE_IN region was increased from 16 to 256. In order to avoid overflowing reads for older systems, add a mechanism to use the read UCSI version to truncate read sizes on UCSI v1.2.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxbdc62f2bae8fb0e8e99574de5232f0a3c54a27df < 266f403ec47573046dee4bcebda82777ce702c40affected
LinuxLinuxbdc62f2bae8fb0e8e99574de5232f0a3c54a27df < 0defcaa09d3b21e8387829ee3a652c43fa91e13faffected
LinuxLinuxbdc62f2bae8fb0e8e99574de5232f0a3c54a27df < b3db266fb031fba88c423d4bb8983a73a3db6527affected
LinuxLinux5.5affected
LinuxLinux0 < 5.5unaffected
LinuxLinux6.6.27 <= 6.6.*unaffected
LinuxLinux6.8.6 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References