7.8

CVE-2024-41028

platform/x86: toshiba_acpi: Fix array out-of-bounds access

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: toshiba_acpi: Fix array out-of-bounds access

In order to use toshiba_dmi_quirks[] together with the standard DMI
matching functions, it must be terminated by a empty entry.

Since this entry is missing, an array out-of-bounds access occurs
every time the quirk list is processed.

Fix this by adding the terminating empty entry.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.1 < 6.1.100
LinuxLinux Kernel Version >= 6.2 < 6.6.41
LinuxLinux Kernel Version >= 6.7 < 6.9.10
LinuxLinux Kernel Version6.10 Updaterc1
LinuxLinux Kernel Version6.10 Updaterc2
LinuxLinux Kernel Version6.10 Updaterc3
LinuxLinux Kernel Version6.10 Updaterc4
LinuxLinux Kernel Version6.10 Updaterc5
LinuxLinux Kernel Version6.10 Updaterc6
LinuxLinux Kernel Version6.10 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.3% 0.214
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/0d71da43d6b7916d36cf1953d793da80433c50bf
Patch
https://git.kernel.org/stable/c/639868f1cb87b683cf830353bbee0c4078202313
Patch
https://git.kernel.org/stable/c/b6e02c6b0377d4339986e07aeb696c632cd392aa
Patch
https://git.kernel.org/stable/c/e030aa6c972641cb069086a8c7a0f747653e472a
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html