CVE-2024-46836

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed_udc: validate endpoint index for ast udc We should verify the bound of the array to assure that host may not manipulate the index to point past endpoint array. Found by static analysis.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

09 Oct 2024, 15:47

Type Values Removed Values Added
CWE CWE-129
First Time Linux linux Kernel
Linux
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
References () https://git.kernel.org/stable/c/31bd4fab49c0adc6228848357c1b1df9395858af - () https://git.kernel.org/stable/c/31bd4fab49c0adc6228848357c1b1df9395858af - Patch
References () https://git.kernel.org/stable/c/6fe9ca2ca389114c8da66e534c18273497843e8a - () https://git.kernel.org/stable/c/6fe9ca2ca389114c8da66e534c18273497843e8a - Patch
References () https://git.kernel.org/stable/c/b2a50ffdd1a079869a62198a8d1441355c513c7c - () https://git.kernel.org/stable/c/b2a50ffdd1a079869a62198a8d1441355c513c7c - Patch
References () https://git.kernel.org/stable/c/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199 - () https://git.kernel.org/stable/c/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199 - Patch

30 Sep 2024, 12:45

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: gadget: aspeed_udc: validar índice de endpoint para ast udc Debemos verificar el límite de la matriz para asegurarnos de que el host no pueda manipular el índice para que apunte más allá de la matriz de endpoints. Se encontró mediante análisis estático.

27 Sep 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-27 13:15

Updated : 2024-10-09 15:47


NVD link : CVE-2024-46836

Mitre link : CVE-2024-46836

CVE.ORG link : CVE-2024-46836


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-129

Improper Validation of Array Index