CVE-2024-44931 — Out-of-bounds Read in Linux

CWE-125 — Out-of-bounds Read64 documents7 sources

Severity

5.5MEDIUMNVD

OSV8.8OSV7.8OSV6.7OSV6.3OSV4.7

EPSS

0.0%

top 98.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +3 more

Timeline

PublishedAug 26

Latest updateMay 28

Description

In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpio_device_get_desc() Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpio_ioctl() with an offset out of range. Offset is copied from user and then used as an array index to get the gpio descriptor without sanitization in gpio_device_get_desc(). This change ensures that the offset is sanitized by using array_in…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

▶NVDlinux/linux_kernel6.7 — 6.10.5+1

▶Debianlinux/linux_kernel< 5.10.234-1+3

▶Ubuntulinux/linux_kernel< 5.4.0-208.228+4

▶CVEListV5linux/linux521a2ad6f862a28e2e43cb3e254a26bf0f9452e9 — 18504710442671b02d00e6db9804a0ad26c5a479+8

▶debiandebian/linux< linux 6.1.112-1 (bookworm)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-raspi-5.4 vulnerabilities↗2025-05-28

▶

OSV

linux-raspi vulnerabilities↗2025-05-28

▶

OSV

linux-iot vulnerabilities↗2025-04-03

▶

OSV

linux-aws-5.4 vulnerabilities↗2025-04-01

▶

OSV

linux-fips vulnerabilities↗2025-03-28

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Raspberry Pi) vulnerabilities↗2025-05-28

▶

Ubuntu

Linux kernel (Raspberry Pi) vulnerabilities↗2025-05-28

▶

Ubuntu

Linux kernel (IoT) vulnerabilities↗2025-04-03

▶

Ubuntu

Linux kernel (AWS) vulnerabilities↗2025-04-01

▶

Ubuntu

Linux kernel (FIPS) vulnerabilities↗2025-03-28

▶