CVE-2024-41028 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshiba_acpi: Fix array out-of-bounds access In order to use toshiba_dmi_quirks[] together with the standard DMI matching functions, it must be terminated by a empty entry. Since this entry is missing, an array out-of-bounds access occurs every time the quirk list is processed. Fix this by adding the terminating empty entry.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0d71da43d6b7916d36cf1953d793da80433c50bf
https://git.kernel.org/stable/c/639868f1cb87b683cf830353bbee0c4078202313
https://git.kernel.org/stable/c/b6e02c6b0377d4339986e07aeb696c632cd392aa
https://git.kernel.org/stable/c/e030aa6c972641cb069086a8c7a0f747653e472a
https://lore.kernel.org/linux-cve-announce/2024072920-CVE-2024-41028-d1bd@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-41028
https://www.cve.org/CVERecord?id=CVE-2024-41028

History

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 30 Aug 2024 10:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-125
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-07-29T14:31:44.704Z

Updated: 2024-12-19T09:10:22.459Z

Reserved: 2024-07-12T12:17:45.617Z

Link: CVE-2024-41028

Vulnrichment

Updated: 2024-08-02T04:39:56.186Z

NVD

Status : Awaiting Analysis

Published: 2024-07-29T15:15:11.553

Modified: 2024-11-21T09:32:05.793

Link: CVE-2024-41028

Redhat

Severity : Low

Publid Date: 2024-07-29T00:00:00Z

Links: CVE-2024-41028 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41028", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.617Z", "datePublished": "2024-07-29T14:31:44.704Z", "dateUpdated": "2024-12-19T09:10:22.459Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:10:22.459Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: toshiba_acpi: Fix array out-of-bounds access\n\nIn order to use toshiba_dmi_quirks[] together with the standard DMI\nmatching functions, it must be terminated by a empty entry.\n\nSince this entry is missing, an array out-of-bounds access occurs\nevery time the quirk list is processed.\n\nFix this by adding the terminating empty entry."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/platform/x86/toshiba_acpi.c"], "versions": [{"version": "3cb1f40dfdc3b9f5449076c96b4e2523139f5cd0", "lessThan": "e030aa6c972641cb069086a8c7a0f747653e472a", "status": "affected", "versionType": "git"}, {"version": "3cb1f40dfdc3b9f5449076c96b4e2523139f5cd0", "lessThan": "639868f1cb87b683cf830353bbee0c4078202313", "status": "affected", "versionType": "git"}, {"version": "3cb1f40dfdc3b9f5449076c96b4e2523139f5cd0", "lessThan": "0d71da43d6b7916d36cf1953d793da80433c50bf", "status": "affected", "versionType": "git"}, {"version": "3cb1f40dfdc3b9f5449076c96b4e2523139f5cd0", "lessThan": "b6e02c6b0377d4339986e07aeb696c632cd392aa", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/platform/x86/toshiba_acpi.c"], "versions": [{"version": "6.1", "status": "affected"}, {"version": "0", "lessThan": "6.1", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.100", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.41", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.10", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/e030aa6c972641cb069086a8c7a0f747653e472a"}, {"url": "https://git.kernel.org/stable/c/639868f1cb87b683cf830353bbee0c4078202313"}, {"url": "https://git.kernel.org/stable/c/0d71da43d6b7916d36cf1953d793da80433c50bf"}, {"url": "https://git.kernel.org/stable/c/b6e02c6b0377d4339986e07aeb696c632cd392aa"}], "title": "platform/x86: toshiba_acpi: Fix array out-of-bounds access", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.186Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e030aa6c972641cb069086a8c7a0f747653e472a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/639868f1cb87b683cf830353bbee0c4078202313", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0d71da43d6b7916d36cf1953d793da80433c50bf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b6e02c6b0377d4339986e07aeb696c632cd392aa", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41028", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:24:02.601705Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:04.253Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e030aa6c972641cb069086a8c7a0f747653e472a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/639868f1cb87b683cf830353bbee0c4078202313", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0d71da43d6b7916d36cf1953d793da80433c50bf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b6e02c6b0377d4339986e07aeb696c632cd392aa", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.186Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41028", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:24:02.601705Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:20.478Z"}}], "cna": {"title": "platform/x86: toshiba_acpi: Fix array out-of-bounds access", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3cb1f40dfdc3", "lessThan": "e030aa6c9726", "versionType": "git"}, {"status": "affected", "version": "3cb1f40dfdc3", "lessThan": "639868f1cb87", "versionType": "git"}, {"status": "affected", "version": "3cb1f40dfdc3", "lessThan": "0d71da43d6b7", "versionType": "git"}, {"status": "affected", "version": "3cb1f40dfdc3", "lessThan": "b6e02c6b0377", "versionType": "git"}], "programFiles": ["drivers/platform/x86/toshiba_acpi.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.1"}, {"status": "unaffected", "version": "0", "lessThan": "6.1", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.100", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.41", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.10", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/platform/x86/toshiba_acpi.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/e030aa6c972641cb069086a8c7a0f747653e472a"}, {"url": "https://git.kernel.org/stable/c/639868f1cb87b683cf830353bbee0c4078202313"}, {"url": "https://git.kernel.org/stable/c/0d71da43d6b7916d36cf1953d793da80433c50bf"}, {"url": "https://git.kernel.org/stable/c/b6e02c6b0377d4339986e07aeb696c632cd392aa"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: toshiba_acpi: Fix array out-of-bounds access\n\nIn order to use toshiba_dmi_quirks[] together with the standard DMI\nmatching functions, it must be terminated by a empty entry.\n\nSince this entry is missing, an array out-of-bounds access occurs\nevery time the quirk list is processed.\n\nFix this by adding the terminating empty entry."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:35:16.520Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41028", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:35:16.520Z", "dateReserved": "2024-07-12T12:17:45.617Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-29T14:31:44.704Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: toshiba_acpi: Fix array out-of-bounds access\n\nIn order to use toshiba_dmi_quirks[] together with the standard DMI\nmatching functions, it must be terminated by a empty entry.\n\nSince this entry is missing, an array out-of-bounds access occurs\nevery time the quirk list is processed.\n\nFix this by adding the terminating empty entry."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: plataforma/x86: toshiba_acpi: corrige el acceso fuera de los l\u00edmites de la matriz. Para utilizar toshiba_dmi_quirks[] junto con las funciones est\u00e1ndar de coincidencia DMI, debe terminar con una entrada vac\u00eda. Dado que falta esta entrada, se produce un acceso fuera de los l\u00edmites a la matriz cada vez que se procesa la lista de peculiaridades. Solucione este problema agregando la entrada vac\u00eda final."}], "id": "CVE-2024-41028", "lastModified": "2024-11-21T09:32:05.793", "metrics": {}, "published": "2024-07-29T15:15:11.553", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0d71da43d6b7916d36cf1953d793da80433c50bf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/639868f1cb87b683cf830353bbee0c4078202313"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b6e02c6b0377d4339986e07aeb696c632cd392aa"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e030aa6c972641cb069086a8c7a0f747653e472a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/0d71da43d6b7916d36cf1953d793da80433c50bf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/639868f1cb87b683cf830353bbee0c4078202313"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/b6e02c6b0377d4339986e07aeb696c632cd392aa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/e030aa6c972641cb069086a8c7a0f747653e472a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: platform/x86: toshiba_acpi: Fix array out-of-bounds access", "id": "2300386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300386"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nplatform/x86: toshiba_acpi: Fix array out-of-bounds access\nIn order to use toshiba_dmi_quirks[] together with the standard DMI\nmatching functions, it must be terminated by a empty entry.\nSince this entry is missing, an array out-of-bounds access occurs\nevery time the quirk list is processed.\nFix this by adding the terminating empty entry."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-41028", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-41028\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41028\nhttps://lore.kernel.org/linux-cve-announce/2024072920-CVE-2024-41028-d1bd@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 6.1.100, kernel 6.6.41, kernel 6.9.10, kernel 6.10"}