PT-2024-28079 · Linux · Linux Kernel
Published 2024-06-19 · Updated 2025-06-16
CVE-2024-38606
CVSS v3.1: 7.1 (High)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue concerns the validation of the slice counts returned by firmware in the Linux kernel's crypto/qat driver. The function adf_send_admin_tl_start() enables the telemetry feature on a QAT device by sending the ICP_QAT_FW_TL_START message to the firmware, which responds with an array holding the number of accelerator slices of each type supported by the hardware. This array is stored in the slice_cnt field of the adf_tl_hw_data structure and later bounds the driver's reads of per-slice telemetry data, so an incorrect (too large) value in slice_cnt might lead to an out-of-bounds memory read. Although no current firmware implementation returns a wrong value, the slice count array is now validated for robustness.
Recommendations
At the moment this entry records no information about a newer version that contains a fix for this vulnerability. Check your distribution's security advisories for CVE-2024-38606 before assuming a given kernel build is affected or fixed.
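To make the failure mode concrete, here is an added example (not code from the Linux kernel or the QAT driver): a stand-alone C model of the telemetry start path in which the firmware-supplied slice count is first trusted as a loop bound and then validated against the size of the driver's per-slice buffers. The five slice types, the per-type capacity of 24, and every function and structure name below are assumptions chosen for the demo and only mirror the driver's naming; the unchecked path reports the first index it would have read out of bounds instead of dereferencing it, so the program stays memory-safe.

```c
/*
 * Added example, not kernel code: why an unchecked slice count from firmware
 * becomes an out-of-bounds read, and the validation that prevents it.
 * All names and sizes here are assumptions chosen for the demonstration.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TL_SLICE_TYPES       5   /* assumed number of accelerator slice types */
#define MAX_SLICES_PER_TYPE  24  /* assumed per-type capacity of the driver's buffers */

/* Model of the firmware response to the telemetry start command. */
struct tl_start_rsp {
	uint8_t slice_cnt[TL_SLICE_TYPES];
};

/* Model of the driver's copy of the hardware data: one counter array per type. */
struct tl_hw_data {
	uint8_t  slice_cnt[TL_SLICE_TYPES];
	uint64_t util[TL_SLICE_TYPES][MAX_SLICES_PER_TYPE];
};

/*
 * Pre-fix consumer: trusts slice_cnt as the loop bound. To keep the demo
 * memory-safe it does not dereference; it returns the first index that would
 * fall outside util[type], or -1 if every read would have been in bounds.
 */
int first_oob_index_unchecked(const struct tl_start_rsp *rsp, int type)
{
	for (unsigned i = 0; i < rsp->slice_cnt[type]; i++)
		if (i >= MAX_SLICES_PER_TYPE)
			return (int)i;
	return -1;
}

/* The robustness check: every count must fit the per-type array. */
int validate_tl_slice_cnt(const struct tl_start_rsp *rsp)
{
	for (int t = 0; t < TL_SLICE_TYPES; t++) {
		if (rsp->slice_cnt[t] > MAX_SLICES_PER_TYPE) {
			fprintf(stderr, "unsupported slice count %u for type %d\n",
				rsp->slice_cnt[t], t);
			return -EINVAL;
		}
	}
	return 0;
}

/* Post-fix flow: validate before the counts are stored and used. */
int tl_start(const struct tl_start_rsp *rsp, struct tl_hw_data *hw)
{
	int ret = validate_tl_slice_cnt(rsp);
	if (ret)
		return ret;
	memcpy(hw->slice_cnt, rsp->slice_cnt, sizeof(hw->slice_cnt));
	return 0;
}

/* Sums the utilisation counters of one slice type; in bounds once tl_start() ran. */
uint64_t sum_slice_util(const struct tl_hw_data *hw, int type)
{
	uint64_t sum = 0;
	for (unsigned i = 0; i < hw->slice_cnt[type]; i++)
		sum += hw->util[type][i];
	return sum;
}

int main(void)
{
	struct tl_hw_data hw = {0};
	/* Constructed responses: one sane, one claiming 200 slices of type 1. */
	struct tl_start_rsp good = { .slice_cnt = {4, 2, 1, 0, 3} };
	struct tl_start_rsp bad  = { .slice_cnt = {4, 200, 1, 0, 3} };

	for (int i = 0; i < 4; i++)
		hw.util[0][i] = (uint64_t)i + 1;  /* 1+2+3+4 = 10 */

	printf("good: tl_start=%d sum(type0)=%llu\n", tl_start(&good, &hw),
	       (unsigned long long)sum_slice_util(&hw, 0));
	printf("bad:  tl_start=%d first OOB index for type1=%d\n",
	       tl_start(&bad, &hw), first_oob_index_unchecked(&bad, 1));
	return 0;
}
```

Build with `cc -std=c11 -Wall demo.c -o demo`. The point of the check is where it sits: the count is rejected before it is copied into the driver's state, so every later loop that uses slice_cnt as its bound is guaranteed to stay inside the fixed-size per-type arrays, regardless of what the firmware reported.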
Exploit
Out-of-bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Mint
Linux Kernel
SUSE
Ubuntu