7.8
CVE-2024-47751
- EPSS 0.23%
- Veröffentlicht 21.10.2024 13:15:05
- Zuletzt bearbeitet 03.11.2025 23:16:22
- CVE-Watchlists
- Unerledigt
PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port()
In the Linux kernel, the following vulnerability has been resolved: PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() Within kirin_pcie_parse_port(), the pcie->num_slots is compared to pcie->gpio_id_reset size (MAX_PCI_SLOTS) which is correct and would lead to an overflow. Thus, fix condition to pcie->num_slots + 1 >= MAX_PCI_SLOTS and move pcie->num_slots increment below the if-statement to avoid out-of-bounds array access. Found by Linux Verification Center (linuxtesting.org) with SVACE. [kwilczynski: commit log]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.113
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.54
Linux ≫ Linux Kernel Version >= 6.7 < 6.10.13
Linux ≫ Linux Kernel Version >= 6.11 < 6.11.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.138 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
https://git.kernel.org/stable/c/6dcc5b49d6607a741a14122bf3105f3ac50d259e
https://git.kernel.org/stable/c/95248d7497bcbfe7deed4805469c6ff6ddd7f9d1
https://git.kernel.org/stable/c/a5f795f9412854df28e66679c5e6b68b0b79c229
https://git.kernel.org/stable/c/aeb0335971806e15ac91e838ca471936c8e7efd5
https://git.kernel.org/stable/c/c500a86693a126c9393e602741e348f80f1b0fc5
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html