CVE-2024-46863 — Improper Validation of Array Index in Linux

CWE-129 — Improper Validation of Array Index6 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 91.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +8 more

Timeline

PublishedSep 27

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach {}, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select(). So an empty item in struct snd_soc_acpi_link_adr array is required.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages12 packages

▶NVDlinux/linux_kernel6.7 — 6.10.11+2

▶Debianlinux/linux_kernel< 6.10.11-1+1

▶msrcmsrc/azl3_kernel_6.6.51.1-5_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.56.1-5_on_azure_linux_3.0

▶CVEListV5linux/linuxdd3bd9dc47084195fcb3c1b371cb03046abb13ab — 8eb57389d8ad91c67bf844f5aae4caef74b9091b+2

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

CVE-2024-46863: In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item There is no links_nu↗2024-09-27

▶

GHSA

GHSA-x4v7-2qvr-vh9c: In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item There is no links_↗2024-09-27

▶

📋Vendor Advisories

Red Hat

kernel: ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item↗2024-09-27

▶

Microsoft

ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item↗2024-09-10

▶

Debian

CVE-2024-46863: linux - In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel...↗2024

▶