CVE-2024-46836

HIGH

Linux Kernel < 6.1.110 - Improper Array Index Validation

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed_udc: validate endpoint index for ast udc We should verify the bound of the array to assure that host may not manipulate the index to point past endpoint array. Found by static analysis.

References (5)

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

[Patch] https://git.kernel.org/stable/c/31bd4fab49c0adc6228848357c1b1df9395858af

[Patch] https://git.kernel.org/stable/c/6fe9ca2ca389114c8da66e534c18273497843e8a

[Patch] https://git.kernel.org/stable/c/b2a50ffdd1a079869a62198a8d1441355c513c7c

[Patch] https://git.kernel.org/stable/c/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 3.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-129

Status published

Products (4)

linux/Kernel 6.0.0 - 6.1.110linux

linux/Kernel 6.2.0 - 6.6.51linux

linux/Kernel 6.7.0 - 6.10.10linux

linux/linux_kernel < 6.1.110

Published Sep 27, 2024

Tracked Since Feb 18, 2026