PT-2024-35661 · Linux+7 · Linux Kernel+7

Published

2024-12-27

·

Updated

2025-11-18

·

CVE-2024-53214

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0+
Description The issue concerns the Linux kernel's handling of PCIe extended capabilities. Specifically, it involves hiding the first capability in the list when it is unknown or intentionally chosen to be hidden from the user. The problem arises when the capability ID is not properly checked later in the vfio config do rw() function, leading to an out-of-bounds access to the ecap perms array. This can result in a warning and potential security issues. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.
Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for properly hiding the first-in-list PCIe extended capability. As a temporary workaround, consider restricting access to the vfio pci config do rw() function until a patch is available. Avoid using the cap id variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about additional mitigation measures.

Exploit

Fix

Out of bounds Read

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-129

Related Identifiers

ALT-PU-2025-12647
BDU:2025-04322
CVE-2024-53214
DLA-4075-1
DLA-4076-1
OESA-2025-1034
OESA-2025-1286
OESA-2025-1339
OESA-2025-2554
OESA-2025-2555
OPENSUSE-SU-2025_0117-1
OPENSUSE-SU-2025_0153-1
OPENSUSE-SU-2025_0154-1
OPENSUSE-SU-2025_0201-1
OPENSUSE-SU-2025_0202-1
OPENSUSE-SU-2025_0203-1
OPENSUSE-SU-2025_0229-1
SUSE-SU-2025:0117-1
SUSE-SU-2025:0153-1
SUSE-SU-2025:0154-1
SUSE-SU-2025:0201-1
SUSE-SU-2025:0201-2
SUSE-SU-2025:0202-1
SUSE-SU-2025:0203-1
SUSE-SU-2025:0229-1
SUSE-SU-2025:0230-1
SUSE-SU-2025:0231-1
SUSE-SU-2025:0236-1
SUSE-SU-2025:02387-1
SUSE-SU-2025:02388-1
SUSE-SU-2025:02389-1
SUSE-SU-2025:02390-1
SUSE-SU-2025:02391-1
SUSE-SU-2025:02392-1
SUSE-SU-2025:02396-1
SUSE-SU-2025:02398-1
SUSE-SU-2025:02400-1
SUSE-SU-2025:02401-1
SUSE-SU-2025:02403-1
SUSE-SU-2025:02410-1
SUSE-SU-2025:02411-1
SUSE-SU-2025:02412-1
SUSE-SU-2025:02415-1
SUSE-SU-2025:02416-1
SUSE-SU-2025:02419-1
SUSE-SU-2025:02420-1
SUSE-SU-2025:02422-1
SUSE-SU-2025:02428-1
SUSE-SU-2025:02433-1
SUSE-SU-2025:02434-1
SUSE-SU-2025:02436-1
SUSE-SU-2025:02440-1
SUSE-SU-2025:02446-1
SUSE-SU-2025:02449-1
SUSE-SU-2025:02454-1
SUSE-SU-2025:02455-1
SUSE-SU-2025:02459-1
SUSE-SU-2025:02507-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025:20517-1
SUSE-SU-2025:20518-1
SUSE-SU-2025:20519-1
SUSE-SU-2025:20525-1
SUSE-SU-2025:20526-1
SUSE-SU-2025:20527-1
SUSE-SU-2025:20540-1
SUSE-SU-2025:20541-1
SUSE-SU-2025:20544-1
SUSE-SU-2025:20545-1
SUSE-SU-2025:4123-1
SUSE-SU-2025_0201-1
SUSE-SU-2025_0201-2
SUSE-SU-2025_0202-1
SUSE-SU-2025_0203-1
SUSE-SU-2025_0236-1
USN-7276-1
USN-7277-1
USN-7310-1
USN-7387-1
USN-7387-2
USN-7387-3
USN-7388-1
USN-7389-1
USN-7390-1
USN-7391-1
USN-7392-1
USN-7392-2
USN-7392-3
USN-7392-4
USN-7393-1
USN-7401-1
USN-7407-1
USN-7413-1
USN-7421-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7458-1
USN-7459-1
USN-7459-2
USN-7463-1
USN-7468-1
USN-7523-1
USN-7524-1
USN-7539-1
USN-7540-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu