PT-2024-7179 · Linux+7 · Linux Kernel+7

Hans De Goede

·

Published

2024-09-09

·

Updated

2026-05-05

·

CVE-2024-46859

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the Panasonic laptop code in the Linux kernel, which uses the SINF array with index values without checking its size. This can lead to out-of-bounds accesses, potentially affecting the confidentiality, integrity, and availability of protected information. The code does not check if the SINF array has a minimum size to cover all AC+DC brightness entries, and it does not refuse to load if the array is smaller. The vulnerability can be exploited by accessing the array out of bounds, and it affects various Panasonic laptop models, including the Toughbook CF-18, which has only 10 SINF array entries.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Validation of Array Index

Weakness Enumeration

CWE-129

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-13979
ALT-PU-2024-14046
AZL-49884
AZL-49890
BDU:2024-08518
CVE-2024-46859
DLA-4008-1
DSA-5782-1
OESA-2024-2256
OESA-2024-2292
OESA-2024-2293
OESA-2024-2295
OESA-2024-2296
OPENSUSE-SU-2024_3984-1
OPENSUSE-SU-2024_3986-1
OPENSUSE-SU-2024_4315-1
OPENSUSE-SU-2024_4376-1
SUSE-SU-2024:3559-1
SUSE-SU-2024:3566-1
SUSE-SU-2024:3591-1
SUSE-SU-2024:3984-1
SUSE-SU-2024:3986-1
SUSE-SU-2024:4315-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4364-1
SUSE-SU-2024:4376-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7166-1
USN-7166-2
USN-7166-3
USN-7166-4
USN-7186-1
USN-7186-2
USN-7194-1
USN-7196-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu