7.8

CVE-2024-42092

gpio: davinci: Validate the obtained number of IRQs

In the Linux kernel, the following vulnerability has been resolved:

gpio: davinci: Validate the obtained number of IRQs

Value of pdata->gpio_unbanked is taken from Device Tree. In case of broken
DT due to any error this value can be any. Without this value validation
there can be out of chips->irqs array boundaries access in
davinci_gpio_probe().

Validate the obtained nirq value so that it won't exceed the maximum
number of IRQs per bank.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.19 < 4.19.317
LinuxLinux Kernel Version >= 4.20 < 5.4.279
LinuxLinux Kernel Version >= 5.5 < 5.10.221
LinuxLinux Kernel Version >= 5.11 < 5.15.162
LinuxLinux Kernel Version >= 5.16 < 6.1.97
LinuxLinux Kernel Version >= 6.2 < 6.6.37
LinuxLinux Kernel Version >= 6.7 < 6.9.8
LinuxLinux Kernel Version6.10 Updaterc1
LinuxLinux Kernel Version6.10 Updaterc2
LinuxLinux Kernel Version6.10 Updaterc3
LinuxLinux Kernel Version6.10 Updaterc4
LinuxLinux Kernel Version6.10 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.126
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/2d83492259ad746b655f196cd5d1be4b3d0a3782
Patch
https://git.kernel.org/stable/c/70b48899f3f23f98a52c5b1060aefbdc7ba7957b
Patch
https://git.kernel.org/stable/c/7aa9b96e9a73e4ec1771492d0527bd5fc5ef9164
Patch
https://git.kernel.org/stable/c/89d7008af4945808677662a630643b5ea89c6e8d
Patch
https://git.kernel.org/stable/c/a8d78984fdc105bc1a38b73e98d32b1bc4222684
Patch
https://git.kernel.org/stable/c/c542e51306d5f1eba3af84daa005826223382470
Patch
https://git.kernel.org/stable/c/cd75721984337c38a12aeca33ba301d31ca4b3fd
Patch
https://git.kernel.org/stable/c/e44a83bf15c4db053ac6dfe96a23af184c9136d9
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html