CVE-2024-47697

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58

Description The issue is related to an out-of-bounds write error in the rtl2830 pid filter function in the Linux kernel's dvb-frontends/rtl2830 module. This error occurs when the index exceeds 31, causing an attempt to access a non-existent 33rd bit and leading to out-of-bounds access. The dev->filters value is 32 bits, and the set bit and clear bit functions should only operate on indices from 0 to 31. The vulnerability can be exploited to impact the confidentiality, integrity, and availability of protected information.

Recommendations To resolve this issue, update the Linux kernel to version 6.6.58 or later. As a temporary workaround, consider modifying the boundary check in the rtl2830 pid filter function from index > 32 to index >= 32 to prevent out-of-bounds access. Restrict access to the dvb-frontends/rtl2830 module to minimize the risk of exploitation until the issue is resolved.