5.5

CVE-2024-44988

net: dsa: mv88e6xxx: Fix out-of-bound access

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: mv88e6xxx: Fix out-of-bound access

If an ATU violation was caused by a CPU Load operation, the SPID could
be larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.19.21 < 4.20
LinuxLinux Kernel Version >= 4.20.8 < 5.0
LinuxLinux Kernel Version >= 5.0 < 5.4.283
LinuxLinux Kernel Version >= 5.5 < 5.10.225
LinuxLinux Kernel Version >= 5.11 < 5.15.166
LinuxLinux Kernel Version >= 5.16 < 6.1.107
LinuxLinux Kernel Version >= 6.2 < 6.6.48
LinuxLinux Kernel Version >= 6.7 < 6.10.7
LinuxLinux Kernel Version6.11 Updaterc1
LinuxLinux Kernel Version6.11 Updaterc2
LinuxLinux Kernel Version6.11 Updaterc3
LinuxLinux Kernel Version6.11 Updaterc4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.145
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/050e7274ab2150cd212b2372595720e7b83a15bd
Patch
https://git.kernel.org/stable/c/18b2e833daf049223ab3c2efdf8cdee08854c484
Patch
https://git.kernel.org/stable/c/4a88fca95c8df3746b71e31f44a02d35f06f9864
https://git.kernel.org/stable/c/528876d867a23b5198022baf2e388052ca67c952
Patch
https://git.kernel.org/stable/c/a10d0337115a6d223a1563d853d4455f05d0b2e3
Patch
https://git.kernel.org/stable/c/d39f5be62f098fe367d672b4dd4bc4b2b80e08e7
Patch
https://git.kernel.org/stable/c/f7d8c2fabd39250cf2333fbf8eef67e837f90a5d
Patch
https://git.kernel.org/stable/c/f87ce03c652dba199aef15ac18ade3991db5477e
Patch
https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html