CVE-2024-46836
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: aspeed_udc: validate endpoint index for ast udc
We should verify the bound of the array to assure that host may not manipulate the index to point past endpoint array.
Found by static analysis.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 055276c1320564b0192b3af323b8cc67f9b665e1 < 31bd4fab49c0adc6228848357c1b1df9395858af | affected |
| Linux | Linux | 055276c1320564b0192b3af323b8cc67f9b665e1 < b2a50ffdd1a079869a62198a8d1441355c513c7c | affected |
| Linux | Linux | 055276c1320564b0192b3af323b8cc67f9b665e1 < 6fe9ca2ca389114c8da66e534c18273497843e8a | affected |
| Linux | Linux | 055276c1320564b0192b3af323b8cc67f9b665e1 < ee0d382feb44ec0f445e2ad63786cd7f3f6a8199 | affected |
| Linux | Linux | 6.0 | affected |
| Linux | Linux | 0 < 6.0 | unaffected |
| Linux | Linux | 6.1.110 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.51 <= 6.6.* | unaffected |
| Linux | Linux | 6.10.10 <= 6.10.* | unaffected |
| Linux | Linux | 6.11 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
- https://git.kernel.org/stable/c/31bd4fab49c0adc6228848357c1b1df9395858af
- https://git.kernel.org/stable/c/b2a50ffdd1a079869a62198a8d1441355c513c7c
- https://git.kernel.org/stable/c/6fe9ca2ca389114c8da66e534c18273497843e8a
- https://git.kernel.org/stable/c/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.