PT-2025-8829 · Linux+9 · Linux Kernel+9
Stephan Gerhold · Published 2025-01-06 · Updated 2026-04-20 · CVE-2024-58007
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
An out-of-bounds read of the serial number on MSM8916 devices has been resolved in the Linux kernel. The serial number exposed in sysfs is constant and does not change across individual devices. The cause is an incorrect check on the item size returned by SMEM: the end of the serial num field should be within bounds, but the check compares the size against the field's start offset instead. This results in an out-of-bounds read of whatever comes after the socinfo struct in SMEM.
Recommendations
To resolve this issue, update the Linux kernel to a version that includes the fix, which changes offsetof() to offsetofend(), taking into account the size of the field.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
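The difference between the two checks, as an added C example that is not part of the advisory or the kernel source. The layout `struct demo_info` and the function names are constructed for illustration; only offsetof() and offsetofend() come from the text above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Equivalent to the kernel helper: offset of the first byte after MEMBER. */
#define offsetofend(TYPE, MEMBER) \
    (offsetof(TYPE, MEMBER) + sizeof(((TYPE *)0)->MEMBER))

/* Constructed layout for illustration; not the kernel's socinfo struct. */
struct demo_info {
    uint32_t fmt;
    uint32_t id;
    char build_id[32];
    uint32_t serial_num;   /* only present in newer, larger items */
};

/* Flawed check: passes as soon as the field's START is inside the item. */
static int has_serial_flawed(size_t item_size)
{
    return offsetof(struct demo_info, serial_num) <= item_size;
}

/* Fixed check: the field's END must be inside the item. */
static int has_serial_fixed(size_t item_size)
{
    return offsetofend(struct demo_info, serial_num) <= item_size;
}

/* Bounds-checked reader: 0 and *out filled, or -1 if the item is too short. */
static int read_serial(const void *item, size_t item_size, uint32_t *out)
{
    if (!has_serial_fixed(item_size))
        return -1;
    memcpy(out, (const char *)item + offsetof(struct demo_info, serial_num),
           sizeof(*out));
    return 0;
}

int main(void)
{
    struct demo_info full = { .fmt = 1, .serial_num = 0x1234abcd };
    /* Constructed short item: it ends exactly where the field would start. */
    size_t short_item = offsetof(struct demo_info, serial_num);
    uint32_t sn = 0;

    printf("short item (%zu bytes): flawed=%d fixed=%d\n", short_item,
           has_serial_flawed(short_item), has_serial_fixed(short_item));
    printf("full item (%zu bytes): read=%d serial=0x%x\n", sizeof(full),
           read_serial(&full, sizeof(full), &sn), (unsigned)sn);
    return 0;
}
```

For an item that ends at the field's start offset, the flawed check accepts it while the fixed check rejects it, which is the case that leads to reading past the end of the item.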
Exploit
DoS
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu