CVE-2024-41028
Published: July 31, 2024Last modified: July 31, 2024
Description
In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshiba_acpi: Fix array out-of-bounds access In order to use toshiba_dmi_quirks[] together with the standard DMI matching functions, it must be terminated by a empty entry. Since this entry is missing, an array out-of-bounds access occurs every time the quirk list is processed. Fix this by adding the terminating empty entry.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.104-r0) |
| 25 LTS | linux-lts | Fixed (6.12.41-r0) | |
| Stream | linux-lts | Fixed (6.12.41-r0) |
References
- https://git.kernel.org/stable/c/0d71da43d6b7916d36cf1953d793da80433c50bf
- https://git.kernel.org/stable/c/639868f1cb87b683cf830353bbee0c4078202313
- https://git.kernel.org/stable/c/b6e02c6b0377d4339986e07aeb696c632cd392aa
- https://git.kernel.org/stable/c/e030aa6c972641cb069086a8c7a0f747653e472a
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html