CVE-2024-42092

Summary

In the Linux kernel, the following vulnerability has been resolved:

gpio: davinci: Validate the obtained number of IRQs

Value of pdata->gpio_unbanked is taken from Device Tree. In case of broken DT due to any error this value can be any. Without this value validation there can be out of chips->irqs array boundaries access in davinci_gpio_probe().

Validate the obtained nirq value so that it won't exceed the maximum number of IRQs per bank.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxeb3744a2dd01cb07ce9f556d56d6fe451f0c313a < a8d78984fdc105bc1a38b73e98d32b1bc4222684affected
LinuxLinuxeb3744a2dd01cb07ce9f556d56d6fe451f0c313a < cd75721984337c38a12aeca33ba301d31ca4b3fdaffected
LinuxLinuxeb3744a2dd01cb07ce9f556d56d6fe451f0c313a < e44a83bf15c4db053ac6dfe96a23af184c9136d9affected
LinuxLinuxeb3744a2dd01cb07ce9f556d56d6fe451f0c313a < 70b48899f3f23f98a52c5b1060aefbdc7ba7957baffected
LinuxLinuxeb3744a2dd01cb07ce9f556d56d6fe451f0c313a < 89d7008af4945808677662a630643b5ea89c6e8daffected
LinuxLinuxeb3744a2dd01cb07ce9f556d56d6fe451f0c313a < 2d83492259ad746b655f196cd5d1be4b3d0a3782affected
LinuxLinuxeb3744a2dd01cb07ce9f556d56d6fe451f0c313a < c542e51306d5f1eba3af84daa005826223382470affected
LinuxLinuxeb3744a2dd01cb07ce9f556d56d6fe451f0c313a < 7aa9b96e9a73e4ec1771492d0527bd5fc5ef9164affected
LinuxLinux4.19affected
LinuxLinux0 < 4.19unaffected
LinuxLinux4.19.317 <= 4.19.*unaffected
LinuxLinux5.4.279 <= 5.4.*unaffected
LinuxLinux5.10.221 <= 5.10.*unaffected
LinuxLinux5.15.162 <= 5.15.*unaffected
LinuxLinux6.1.97 <= 6.1.*unaffected
LinuxLinux6.6.37 <= 6.6.*unaffected
LinuxLinux6.9.8 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References