Stefan Wiehler

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.52 **Description** The issue is related to a device address out-of-bounds read in the interrupt map walk. When `of irq parse raw()` is invoked with a device address smaller than the interrupt parent node, KASAN detects an out-of-bounds read. This can lead to a slab-out-of-bounds error in `of irq parse raw()`. The vulnerability is caused by not copying the device address into a buffer of sufficient size. The `of irq parse one()` function is also involved in this issue, and the `of irq parse raw()` function is called with a device address that is too small. The error occurs when the `addrsize` is 3, but the `size` is only 2. The vulnerability can be exploited by an attacker to impact the confidentiality and availability of protected information. However, there is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** To resolve the issue, update the Linux kernel to version 6.6.52 or later. This version includes the fix for the out-of-bounds read in the interrupt map walk. Note: There is no information about specific mitigation measures or workarounds for this vulnerability. The only recommended solution is to update the Linux kernel to a version that includes the fix.