PT-2024-6939 · Linux+7 · Linux Kernel+7
Published
2024-08-01
·
Updated
2025-09-29
·
CVE-2024-46747
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.52
Description
The issue is related to a slab-out-of-bounds read in the
cougar report fixup() function, which is used for the Cougar 500k Gaming Keyboard. This function did not verify that the report descriptor size was correct before accessing it, potentially allowing an attacker to impact the confidentiality and availability of protected information.Recommendations
To resolve the issue, update the Linux kernel to version 6.6.52 or later. As a temporary workaround, consider restricting access to the
cougar report fixup() function until a patch is available.Exploit
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu