CVE-2024-35924
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: ucsi: Limit read size on v1.2
Between UCSI 1.2 and UCSI 2.0, the size of the MESSAGE_IN region was increased from 16 to 256. In order to avoid overflowing reads for older systems, add a mechanism to use the read UCSI version to truncate read sizes on UCSI v1.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | bdc62f2bae8fb0e8e99574de5232f0a3c54a27df < 266f403ec47573046dee4bcebda82777ce702c40 | affected |
| Linux | Linux | bdc62f2bae8fb0e8e99574de5232f0a3c54a27df < 0defcaa09d3b21e8387829ee3a652c43fa91e13f | affected |
| Linux | Linux | bdc62f2bae8fb0e8e99574de5232f0a3c54a27df < b3db266fb031fba88c423d4bb8983a73a3db6527 | affected |
| Linux | Linux | 5.5 | affected |
| Linux | Linux | 0 < 5.5 | unaffected |
| Linux | Linux | 6.6.27 <= 6.6.* | unaffected |
| Linux | Linux | 6.8.6 <= 6.8.* | unaffected |
| Linux | Linux | 6.9 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/266f403ec47573046dee4bcebda82777ce702c40
- https://git.kernel.org/stable/c/0defcaa09d3b21e8387829ee3a652c43fa91e13f
- https://git.kernel.org/stable/c/b3db266fb031fba88c423d4bb8983a73a3db6527
References
- https://git.kernel.org/stable/c/266f403ec47573046dee4bcebda82777ce702c40
- https://git.kernel.org/stable/c/0defcaa09d3b21e8387829ee3a652c43fa91e13f
- https://git.kernel.org/stable/c/b3db266fb031fba88c423d4bb8983a73a3db6527
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.