PT-2024-36972 · Linux+10 · Linux Kernel+10
Syzbot
·
Published
2024-12-04
·
Updated
2025-11-12
·
CVE-2024-56662
CVSS v2.0
6.2
Medium
| Vector | AV:L/AC:L/Au:S/C:C/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
The issue occurs in the
cmd to func function when the call pkg->nd reserved2 array is accessed without verifying that call pkg points to a buffer that is appropriately sized as a struct nd cmd pkg. This can lead to out-of-bounds access and undefined behavior if the buffer does not have sufficient space. A check was added in acpi nfit ctl() to ensure that buf is not NULL and that buf len is less than sizeof(*call pkg) before accessing it.Recommendations
To address this issue, update to Linux kernel version 6.6.74 or later. As a temporary workaround, consider restricting access to the
acpi nfit ctl() function until a patch is available. Additionally, ensure that the buf is not NULL and that buf len is less than sizeof(*call pkg) before accessing the call pkg->nd reserved2 array.Exploit
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu