PT-2024-10374 · Linux+5 · Linux Kernel+5

Published

2024-06-18

·

Updated

2025-02-03

·

CVE-2024-42092

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to insufficient validation of input data in the davinci gpio probe() function of the Linux kernel's gpio component. This can lead to out-of-bounds access in the chips->irqs array. The value of pdata->gpio unbanked is taken from the Device Tree, and without proper validation, it can cause issues if the Device Tree is broken due to an error. The obtained nirq value is validated to prevent it from exceeding the maximum number of IRQs per bank.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Validation of Array Index

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-129CWE-20

Related Identifiers

BDU:2025-00879
CVE-2024-42092
DLA-4008-1
OESA-2024-1961
OESA-2024-1962
OESA-2024-1963
OESA-2024-1964
OESA-2025-1078
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3483-1
SUSE-SU-2024:3190-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3483-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7003-1
USN-7003-2
USN-7003-3
USN-7003-4
USN-7003-5
USN-7006-1
USN-7007-1
USN-7007-2
USN-7007-3
USN-7009-1
USN-7009-2
USN-7019-1
USN-7089-1
USN-7089-2
USN-7089-3
USN-7089-4
USN-7089-5
USN-7089-6
USN-7089-7
USN-7090-1
USN-7095-1
USN-7156-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu