PT-2024-4091 · Linux+6 · Linux Kernel+6

Huai-Yuan Liu

·

Published

2024-05-04

·

Updated

2025-09-29

·

CVE-2024-36015

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the register device function in the Linux kernel, where the return value of ida simple get is unchecked, leading to the use of an invalid index value. This can cause the kernel to access memory outside the allocated buffer, potentially affecting confidentiality, integrity, and availability of protected information. To address this issue, the index should be checked after ida simple get, and when the index value is abnormal, a warning message should be printed, the port should be dropped, and the value should be recorded.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Memory Corruption

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-787CWE-129

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
BDU:2024-04542
CVE-2024-36015
DLA-3840-1
DSA-5730-1
INFSA-2024_9315
OESA-2024-1692
OESA-2024-1693
OESA-2024-1694
OESA-2024-2296
RHSA-2024:9315
RHSA-2024_9315
SUSE-SU-2024:1979-1
SUSE-SU-2024:1983-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2184-1
SUSE-SU-2024:2190-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6951-1
USN-6951-2
USN-6951-3
USN-6951-4
USN-6953-1
USN-6979-1
USN-6999-1
USN-6999-2
USN-7004-1
USN-7005-1
USN-7005-2
USN-7007-1
USN-7007-2
USN-7007-3
USN-7008-1
USN-7009-1
USN-7009-2
USN-7019-1
USN-7029-1
USN-7496-1
USN-7496-2
USN-7496-3
USN-7496-4
USN-7496-5

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu