PT-2024-33727 · Linux+7 · Linux Kernel+7
Published: 2024-09-23 · Updated: 2025-09-29
CVE-2024-49886
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.58
Description:
A slab-out-of-bounds bug has been resolved in the Linux kernel. The issue occurs when attaching an SST PCI device to a VM, causing a "BUG: KASAN: slab-out-of-bounds" error. The bug is related to the isst_if_get_pci_dev function in the isst_if_common module. The error is triggered by a read of size 8 at a specific address, which is located outside the allocated memory region.
Recommendations:
To resolve the issue, update the Linux kernel to version 6.6.58 or later. As a temporary workaround, consider disabling the isst_if_get_pci_dev function until a patch is available. Restrict access to the isst_if_common module to minimize the risk of exploitation. Avoid using the affected API endpoints until the issue is resolved. At the moment, there is no other information about additional mitigation measures.
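A host triage check for the two facts this advisory gives (fixed version 6.6.58, module isst_if_common), as an added example that is not part of the advisory or the kernel project. The function names are hypothetical, and the comparison assumes an upstream-style version string: distribution kernels may carry the fix as a backport under a lower version number, so an "exposed" verdict means "check the vendor advisory", not proof of vulnerability.

```shell
#!/bin/sh
# Added example: triage a host against this advisory.
FIXED="6.6.58"   # fixed version as stated in the advisory

# Strip the distro suffix: "6.6.57-1-generic" -> "6.6.57"
base_version() {
    printf '%s\n' "$1" | sed 's/^\([0-9][0-9.]*\).*/\1/; s/\.$//'
}

# Return 0 if the kernel release $1 is at or above FIXED.
# Uses version-aware sort so that 6.10.x compares above 6.6.58.
kernel_is_fixed() {
    v=$(base_version "$1")
    lowest=$(printf '%s\n%s\n' "$v" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# Return 0 if module $1 is listed in the /proc/modules-format file $2.
# Matches the whole first field, so isst_if_mmio does not count as isst_if_common.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# Print one verdict for kernel release $1 and module list file $2:
#   fixed      - version is at or above the advisory's fixed version
#   exposed    - older version and the affected module is loaded
#   not-loaded - older version, but the affected module is not loaded
triage() {
    if kernel_is_fixed "$1"; then
        echo "fixed"
    elif module_loaded isst_if_common "$2"; then
        echo "exposed"
    else
        echo "not-loaded"
    fi
}

# Run against the live host when the module list is readable.
if [ -r /proc/modules ]; then
    echo "$(uname -r): $(triage "$(uname -r)" /proc/modules)"
fi
```

A "not-loaded" result still calls for the kernel update, since the module can be loaded later when the hardware or a dependent driver requests it.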
Weakness Enumeration
Out of bounds Read
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu