CVE-2024-46743

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.52

Description The issue is related to a device address out-of-bounds read in the interrupt map walk. When of irq parse raw() is invoked with a device address smaller than the interrupt parent node, KASAN detects an out-of-bounds read. This can lead to a slab-out-of-bounds error in of irq parse raw(). The vulnerability is caused by not copying the device address into a buffer of sufficient size.

The of irq parse one() function is also involved in this issue, and the of irq parse raw() function is called with a device address that is too small. The error occurs when the addrsize is 3, but the size is only 2.

The vulnerability can be exploited by an attacker to impact the confidentiality and availability of protected information. However, there is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.52 or later. This version includes the fix for the out-of-bounds read in the interrupt map walk.

Note: There is no information about specific mitigation measures or workarounds for this vulnerability. The only recommended solution is to update the Linux kernel to a version that includes the fix.