PT-2024-35650 · Linux+8 · Linux Kernel+8

Dan Carpenter +1 · Published 2024-11-12 · Updated 2026-04-20 · CVE-2024-53203

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A potential array underflow issue has been identified in the Linux kernel, specifically in the ucsi_ccg_sync_control() function. The command variable can be controlled by the user via debugfs, which poses a risk if con_index is zero, potentially leading to an array underflow. The issue arises when accessing &uc->ucsi->connector[con_index - 1].

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Improper Validation of Array Index

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2025-12647
AZL-55733
AZL-55788
BDU:2025-07219
CVE-2024-53203
DLA-4271-1
DLA-4327-1
DSA-5925-1
ECHO-3014-29B5-3ADE
INFSA-2025_6966
OESA-2025-1078
OESA-2025-1079
OESA-2025-1113
OESA-2025-1114
OPENSUSE-SU-2025_0428-1
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0557-1
RHSA-2025:6966
RHSA-2025_6966
SUSE-SU-2025:0428-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:0564-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0428-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
USN-7276-1
USN-7277-1
USN-7310-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7468-1
USN-7523-1
USN-7524-1
USN-7654-1
USN-7654-2
USN-7654-3
USN-7654-4
USN-7654-5
USN-7655-1
USN-7686-1
USN-7711-1
USN-7712-1
USN-7712-2

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu