CVE-2024-35992 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: phy: marvell: a3700-comphy: Fix out of bounds read There is an out of bounds read access of 'gbe_phy_init_fix[fix_idx].addr' every iteration after 'fix_idx' reaches 'ARRAY_SIZE(gbe_phy_init_fix)'. Make sure 'gbe_phy_init[addr]' is used when all elements of 'gbe_phy_init_fix' array are handled. Found by Linux Verification Center (linuxtesting.org) with SVACE.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/40406dfbc060503d2e0a9e637e98493c54997b3d
https://git.kernel.org/stable/c/610f175d2e16fb2436ba7974b990563002c20d07
https://git.kernel.org/stable/c/976df695f579bbb2914114b4e9974fe4ed1eb813
https://git.kernel.org/stable/c/e4308bc22b9d46cf33165c9dfaeebcf29cd56f04
https://lore.kernel.org/linux-cve-announce/2024052020-CVE-2024-35992-2e88@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-35992
https://www.cve.org/CVERecord?id=CVE-2024-35992

History

No history.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-20T09:47:57.069Z

Updated: 2024-12-19T08:59:47.977Z

Reserved: 2024-05-17T13:50:33.147Z

Link: CVE-2024-35992

Vulnrichment

Updated: 2024-08-02T03:30:11.515Z

NVD

Status : Modified

Published: 2024-05-20T10:15:13.400

Modified: 2024-11-21T09:21:22.950

Link: CVE-2024-35992

Redhat

Severity : Moderate

Publid Date: 2024-05-20T00:00:00Z

Links: CVE-2024-35992 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35992", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.147Z", "datePublished": "2024-05-20T09:47:57.069Z", "dateUpdated": "2024-12-19T08:59:47.977Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:59:47.977Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: marvell: a3700-comphy: Fix out of bounds read\n\nThere is an out of bounds read access of 'gbe_phy_init_fix[fix_idx].addr'\nevery iteration after 'fix_idx' reaches 'ARRAY_SIZE(gbe_phy_init_fix)'.\n\nMake sure 'gbe_phy_init[addr]' is used when all elements of\n'gbe_phy_init_fix' array are handled.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/phy/marvell/phy-mvebu-a3700-comphy.c"], "versions": [{"version": "934337080c6c59b75db76b180b509f218640ad48", "lessThan": "976df695f579bbb2914114b4e9974fe4ed1eb813", "status": "affected", "versionType": "git"}, {"version": "934337080c6c59b75db76b180b509f218640ad48", "lessThan": "610f175d2e16fb2436ba7974b990563002c20d07", "status": "affected", "versionType": "git"}, {"version": "934337080c6c59b75db76b180b509f218640ad48", "lessThan": "40406dfbc060503d2e0a9e637e98493c54997b3d", "status": "affected", "versionType": "git"}, {"version": "934337080c6c59b75db76b180b509f218640ad48", "lessThan": "e4308bc22b9d46cf33165c9dfaeebcf29cd56f04", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/phy/marvell/phy-mvebu-a3700-comphy.c"], "versions": [{"version": "5.18", "status": "affected"}, {"version": "0", "lessThan": "5.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.90", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.30", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.9", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/976df695f579bbb2914114b4e9974fe4ed1eb813"}, {"url": "https://git.kernel.org/stable/c/610f175d2e16fb2436ba7974b990563002c20d07"}, {"url": "https://git.kernel.org/stable/c/40406dfbc060503d2e0a9e637e98493c54997b3d"}, {"url": "https://git.kernel.org/stable/c/e4308bc22b9d46cf33165c9dfaeebcf29cd56f04"}], "title": "phy: marvell: a3700-comphy: Fix out of bounds read", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35992", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-20T17:01:10.545290Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:33:33.575Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:11.515Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/976df695f579bbb2914114b4e9974fe4ed1eb813", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/610f175d2e16fb2436ba7974b990563002c20d07", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/40406dfbc060503d2e0a9e637e98493c54997b3d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e4308bc22b9d46cf33165c9dfaeebcf29cd56f04", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/976df695f579bbb2914114b4e9974fe4ed1eb813", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/610f175d2e16fb2436ba7974b990563002c20d07", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/40406dfbc060503d2e0a9e637e98493c54997b3d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e4308bc22b9d46cf33165c9dfaeebcf29cd56f04", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:11.515Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35992", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-20T17:01:10.545290Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:24.983Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "phy: marvell: a3700-comphy: Fix out of bounds read", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "934337080c6c", "lessThan": "976df695f579", "versionType": "git"}, {"status": "affected", "version": "934337080c6c", "lessThan": "610f175d2e16", "versionType": "git"}, {"status": "affected", "version": "934337080c6c", "lessThan": "40406dfbc060", "versionType": "git"}, {"status": "affected", "version": "934337080c6c", "lessThan": "e4308bc22b9d", "versionType": "git"}], "programFiles": ["drivers/phy/marvell/phy-mvebu-a3700-comphy.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.18"}, {"status": "unaffected", "version": "0", "lessThan": "5.18", "versionType": "custom"}, {"status": "unaffected", "version": "6.1.90", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.30", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.9", "versionType": "custom", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/phy/marvell/phy-mvebu-a3700-comphy.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/976df695f579bbb2914114b4e9974fe4ed1eb813"}, {"url": "https://git.kernel.org/stable/c/610f175d2e16fb2436ba7974b990563002c20d07"}, {"url": "https://git.kernel.org/stable/c/40406dfbc060503d2e0a9e637e98493c54997b3d"}, {"url": "https://git.kernel.org/stable/c/e4308bc22b9d46cf33165c9dfaeebcf29cd56f04"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: marvell: a3700-comphy: Fix out of bounds read\n\nThere is an out of bounds read access of 'gbe_phy_init_fix[fix_idx].addr'\nevery iteration after 'fix_idx' reaches 'ARRAY_SIZE(gbe_phy_init_fix)'.\n\nMake sure 'gbe_phy_init[addr]' is used when all elements of\n'gbe_phy_init_fix' array are handled.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:32:34.520Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35992", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:30:11.515Z", "dateReserved": "2024-05-17T13:50:33.147Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-20T09:47:57.069Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7EA63C6-6BB3-46BD-BB05-AD28AC270B01", "versionEndExcluding": "6.1.90", "versionStartIncluding": "5.18", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "84046DAF-73CF-429D-9BA4-05B658B377B5", "versionEndExcluding": "6.6.30", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F9041E5-8358-4EF7-8F98-B812EDE49612", "versionEndExcluding": "6.8.9", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: marvell: a3700-comphy: Fix out of bounds read\n\nThere is an out of bounds read access of 'gbe_phy_init_fix[fix_idx].addr'\nevery iteration after 'fix_idx' reaches 'ARRAY_SIZE(gbe_phy_init_fix)'.\n\nMake sure 'gbe_phy_init[addr]' is used when all elements of\n'gbe_phy_init_fix' array are handled.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: phy: marvell: a3700-comphy: correcci\u00f3n de lectura fuera de los l\u00edmites. Hay un acceso de lectura fuera de los l\u00edmites de 'gbe_phy_init_fix[fix_idx].addr' en cada iteraci\u00f3n despu\u00e9s de que 'fix_idx' alcance ' ARRAY_SIZE(gbe_phy_init_fix)'. Aseg\u00farese de que se utilice 'gbe_phy_init[addr]' cuando se manejen todos los elementos de la matriz 'gbe_phy_init_fix'. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."}], "id": "CVE-2024-35992", "lastModified": "2024-11-21T09:21:22.950", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-20T10:15:13.400", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/40406dfbc060503d2e0a9e637e98493c54997b3d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/610f175d2e16fb2436ba7974b990563002c20d07"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/976df695f579bbb2914114b4e9974fe4ed1eb813"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e4308bc22b9d46cf33165c9dfaeebcf29cd56f04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/40406dfbc060503d2e0a9e637e98493c54997b3d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/610f175d2e16fb2436ba7974b990563002c20d07"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/976df695f579bbb2914114b4e9974fe4ed1eb813"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e4308bc22b9d46cf33165c9dfaeebcf29cd56f04"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: phy: marvell: a3700-comphy: Fix out of bounds read", "id": "2281841", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281841"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nphy: marvell: a3700-comphy: Fix out of bounds read\nThere is an out of bounds read access of 'gbe_phy_init_fix[fix_idx].addr'\nevery iteration after 'fix_idx' reaches 'ARRAY_SIZE(gbe_phy_init_fix)'.\nMake sure 'gbe_phy_init[addr]' is used when all elements of\n'gbe_phy_init_fix' array are handled.\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", "A flaw was found in the Linux kernel\u2019s\u00a0 phy-mvebu-a3700-comphy module. An out-of-bounds read in the comphy_gbe_phy_init function in the drivers/phy/marvell/phy-mvebu-a3700-comphy.c file can be triggered due to a missing check of an array size, resulting in a denial of service."], "name": "CVE-2024-35992", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35992\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35992\nhttps://lore.kernel.org/linux-cve-announce/2024052020-CVE-2024-35992-2e88@gregkh/T"], "statement": "The phy-mvebu-a3700-comphy module is not built in the kernel shipped in Red Hat Enterprise Linux, so it is not affected by this vulnerability.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.1.90, kernel 6.6.30, kernel 6.8.9, kernel 6.9"}