CVE-2024-42092
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
gpio: davinci: Validate the obtained number of IRQs
Value of pdata->gpio_unbanked is taken from Device Tree. In case of broken DT due to any error this value can be any. Without this value validation there can be out of chips->irqs array boundaries access in davinci_gpio_probe().
Validate the obtained nirq value so that it won't exceed the maximum number of IRQs per bank.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | eb3744a2dd01cb07ce9f556d56d6fe451f0c313a < a8d78984fdc105bc1a38b73e98d32b1bc4222684 | affected |
| Linux | Linux | eb3744a2dd01cb07ce9f556d56d6fe451f0c313a < cd75721984337c38a12aeca33ba301d31ca4b3fd | affected |
| Linux | Linux | eb3744a2dd01cb07ce9f556d56d6fe451f0c313a < e44a83bf15c4db053ac6dfe96a23af184c9136d9 | affected |
| Linux | Linux | eb3744a2dd01cb07ce9f556d56d6fe451f0c313a < 70b48899f3f23f98a52c5b1060aefbdc7ba7957b | affected |
| Linux | Linux | eb3744a2dd01cb07ce9f556d56d6fe451f0c313a < 89d7008af4945808677662a630643b5ea89c6e8d | affected |
| Linux | Linux | eb3744a2dd01cb07ce9f556d56d6fe451f0c313a < 2d83492259ad746b655f196cd5d1be4b3d0a3782 | affected |
| Linux | Linux | eb3744a2dd01cb07ce9f556d56d6fe451f0c313a < c542e51306d5f1eba3af84daa005826223382470 | affected |
| Linux | Linux | eb3744a2dd01cb07ce9f556d56d6fe451f0c313a < 7aa9b96e9a73e4ec1771492d0527bd5fc5ef9164 | affected |
| Linux | Linux | 4.19 | affected |
| Linux | Linux | 0 < 4.19 | unaffected |
| Linux | Linux | 4.19.317 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.279 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.221 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.162 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.97 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.37 <= 6.6.* | unaffected |
| Linux | Linux | 6.9.8 <= 6.9.* | unaffected |
| Linux | Linux | 6.10 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/a8d78984fdc105bc1a38b73e98d32b1bc4222684
- https://git.kernel.org/stable/c/cd75721984337c38a12aeca33ba301d31ca4b3fd
- https://git.kernel.org/stable/c/e44a83bf15c4db053ac6dfe96a23af184c9136d9
- https://git.kernel.org/stable/c/70b48899f3f23f98a52c5b1060aefbdc7ba7957b
- https://git.kernel.org/stable/c/89d7008af4945808677662a630643b5ea89c6e8d
- https://git.kernel.org/stable/c/2d83492259ad746b655f196cd5d1be4b3d0a3782
- https://git.kernel.org/stable/c/c542e51306d5f1eba3af84daa005826223382470
- https://git.kernel.org/stable/c/7aa9b96e9a73e4ec1771492d0527bd5fc5ef9164
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/a8d78984fdc105bc1a38b73e98d32b1bc4222684
- https://git.kernel.org/stable/c/cd75721984337c38a12aeca33ba301d31ca4b3fd
- https://git.kernel.org/stable/c/e44a83bf15c4db053ac6dfe96a23af184c9136d9
- https://git.kernel.org/stable/c/70b48899f3f23f98a52c5b1060aefbdc7ba7957b
- https://git.kernel.org/stable/c/89d7008af4945808677662a630643b5ea89c6e8d
- https://git.kernel.org/stable/c/2d83492259ad746b655f196cd5d1be4b3d0a3782
- https://git.kernel.org/stable/c/c542e51306d5f1eba3af84daa005826223382470
- https://git.kernel.org/stable/c/7aa9b96e9a73e4ec1771492d0527bd5fc5ef9164
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.