CVE-2024-46833

EPSS 0.02%
Published 27.09.2024 13:15:15
Last modified 09.10.2024 15:54:38
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

net: hns3: void array out of bound when loop tnl_num

When query reg inf of SSU, it loops tnl_num times. However, tnl_num comes
from hardware and the length of array is a fixed value. To void array out
of bound, make sure the loop time is not greater than the length of array

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 6.10.10

Linux ≫ Linux Kernel Version6.11 Updaterc1

Linux ≫ Linux Kernel Version6.11 Updaterc2

Linux ≫ Linux Kernel Version6.11 Updaterc3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.026

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/86db7bfb06704ef17340eeae71c832f21cfce35c

Patch

https://git.kernel.org/stable/c/c33a9806dc806bcb4a31dc71fb06979219181ad4

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-46833

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-46833

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-46833

EUVD