CVE-2024-46833

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: hns3: void array out of bound when loop tnl_num

When query reg inf of SSU, it loops tnl_num times. However, tnl_num comes from hardware and the length of array is a fixed value. To void array out of bound, make sure the loop time is not greater than the length of array

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8a4bda8cb9e43e1fae96c4c4aa94069f49dc3a68 < c33a9806dc806bcb4a31dc71fb06979219181ad4affected
LinuxLinux8a4bda8cb9e43e1fae96c4c4aa94069f49dc3a68 < 86db7bfb06704ef17340eeae71c832f21cfce35caffected
LinuxLinux6.10affected
LinuxLinux0 < 6.10unaffected
LinuxLinux6.10.10 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References