PT-2024-29208 · Linux+5 · Linux Kernel+5

Oliver Sang

Published

2024-07-09

Updated

2025-02-03

CVE-2024-41028

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to an array out-of-bounds access in the toshiba acpi driver. This occurs because the toshiba dmi quirks array is not properly terminated with an empty entry, which is required for use with standard DMI matching functions. As a result, an array out-of-bounds access happens every time the quirk list is processed. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-129

Related Identifiers

BDU:2025-01338

CVE-2024-41028

DLA-4008-1

MGASA-2024-0277

MGASA-2024-0278

OESA-2024-2076

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3383-1

SUSE-SU-2025:20044-1

SUSE-SU-2025:20047-1

USN-7089-1

USN-7089-2

USN-7089-3

USN-7089-4

USN-7089-5

USN-7089-6

USN-7089-7

USN-7090-1

USN-7095-1

USN-7156-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2024-29208 · Linux+5 · Linux Kernel+5

CVE-2024-41028

Weakness Enumeration

Related Identifiers

Affected Products

References · 1700