7.8
CVE-2024-41028
- EPSS 0.3%
- Veröffentlicht 29.07.2024 15:15:11
- Zuletzt bearbeitet 03.11.2025 22:17:24
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
platform/x86: toshiba_acpi: Fix array out-of-bounds access
In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshiba_acpi: Fix array out-of-bounds access In order to use toshiba_dmi_quirks[] together with the standard DMI matching functions, it must be terminated by a empty entry. Since this entry is missing, an array out-of-bounds access occurs every time the quirk list is processed. Fix this by adding the terminating empty entry.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.1 < 6.1.100
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.41
Linux ≫ Linux Kernel Version >= 6.7 < 6.9.10
Linux ≫ Linux Kernel Version6.10 Updaterc1
Linux ≫ Linux Kernel Version6.10 Updaterc2
Linux ≫ Linux Kernel Version6.10 Updaterc3
Linux ≫ Linux Kernel Version6.10 Updaterc4
Linux ≫ Linux Kernel Version6.10 Updaterc5
Linux ≫ Linux Kernel Version6.10 Updaterc6
Linux ≫ Linux Kernel Version6.10 Updaterc7
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.214 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-129 Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
https://git.kernel.org/stable/c/0d71da43d6b7916d36cf1953d793da80433c50bf
https://git.kernel.org/stable/c/639868f1cb87b683cf830353bbee0c4078202313
https://git.kernel.org/stable/c/b6e02c6b0377d4339986e07aeb696c632cd392aa
https://git.kernel.org/stable/c/e030aa6c972641cb069086a8c7a0f747653e472a
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html