CVE-2024-35992

Summary

In the Linux kernel, the following vulnerability has been resolved:

phy: marvell: a3700-comphy: Fix out of bounds read

There is an out of bounds read access of 'gbe_phy_init_fix[fix_idx].addr' every iteration after 'fix_idx' reaches 'ARRAY_SIZE(gbe_phy_init_fix)'.

Make sure 'gbe_phy_init[addr]' is used when all elements of 'gbe_phy_init_fix' array are handled.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux934337080c6c59b75db76b180b509f218640ad48 < 976df695f579bbb2914114b4e9974fe4ed1eb813affected
LinuxLinux934337080c6c59b75db76b180b509f218640ad48 < 610f175d2e16fb2436ba7974b990563002c20d07affected
LinuxLinux934337080c6c59b75db76b180b509f218640ad48 < 40406dfbc060503d2e0a9e637e98493c54997b3daffected
LinuxLinux934337080c6c59b75db76b180b509f218640ad48 < e4308bc22b9d46cf33165c9dfaeebcf29cd56f04affected
LinuxLinux5.18affected
LinuxLinux0 < 5.18unaffected
LinuxLinux6.1.90 <= 6.1.*unaffected
LinuxLinux6.6.30 <= 6.6.*unaffected
LinuxLinux6.8.9 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References