NVD脆弱性詳細

CVE-2024-46743

概要	In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When of_irq_parse_raw() is invoked with a device address smaller than the interrupt parent node (from #address-cells property), KASAN detects the following out-of-bounds read when populating the initial match table (dyndbg="func of_irq_parse_* +p"): OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0 OF: parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2 OF: intspec=4 OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2 OF: -> addrsize=3 ================================================================== BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0 Read of size 4 at addr ffffff81beca5608 by task bash/764 CPU: 1 PID: 764 Comm: bash Tainted: G O 6.1.67-484c613561-nokia_sm_arm64 #1 Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023 Call trace: dump_backtrace+0xdc/0x130 show_stack+0x1c/0x30 dump_stack_lvl+0x6c/0x84 print_report+0x150/0x448 kasan_report+0x98/0x140 __asan_load4+0x78/0xa0 of_irq_parse_raw+0x2b8/0x8d0 of_irq_parse_one+0x24c/0x270 parse_interrupts+0xc0/0x120 of_fwnode_add_links+0x100/0x2d0 fw_devlink_parse_fwtree+0x64/0xc0 device_add+0xb38/0xc30 of_device_add+0x64/0x90 of_platform_device_create_pdata+0xd0/0x170 of_platform_bus_create+0x244/0x600 of_platform_notify+0x1b0/0x254 blocking_notifier_call_chain+0x9c/0xd0 __of_changeset_entry_notify+0x1b8/0x230 __of_changeset_apply_notify+0x54/0xe4 of_overlay_fdt_apply+0xc04/0xd94 ... The buggy address belongs to the object at ffffff81beca5600 which belongs to the cache kmalloc-128 of size 128 The buggy address is located 8 bytes inside of 128-byte region [ffffff81beca5600, ffffff81beca5680) The buggy address belongs to the physical page: page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4 head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0 flags: 0x8000000000010200(slab\|head\|zone=2) raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300 raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc ================================================================== OF: -> got it ! Prevent the out-of-bounds read by copying the device address into a buffer of sufficient size.
公表日	2024年9月18日17:15
登録日	2024年9月18日20:00
最終更新日	2024年9月20日21:30

関連情報、対策とツール

No	URL	refsource	タグ
1	https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8
2	https://git.kernel.org/stable/c/defcaa426ba0bc89ffdafb799d2e50b52f74ffc4
3	https://git.kernel.org/stable/c/9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5
4	https://git.kernel.org/stable/c/baaf26723beab3a04da578d3008be3544f83758f
5	https://git.kernel.org/stable/c/8ff351ea12e918db1373b915c4c268815929cbe5
6	https://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d
7	https://git.kernel.org/stable/c/bf68acd840b6a5bfd3777e0d5aaa204db6b461a9
8	https://git.kernel.org/stable/c/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305

共通脆弱性一覧

JVN脆弱性情報

Linux の Linux Kernel における境界外読み取りに関する脆弱性

タイトル	Linux の Linux Kernel における境界外読み取りに関する脆弱性
概要	Linux の Linux Kernel には、境界外読み取りに関する脆弱性が存在します。
想定される影響	情報を取得される、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
対策	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2024年8月13日0:00
登録日	2024年9月24日14:15
最終更新日	2025年9月2日15:25

影響を受けるシステム

Linux

Linux Kernel 4.19.322 未満

Linux Kernel 4.20 以上 5.4.284 未満

Linux Kernel 5.11 以上 5.15.167 未満

Linux Kernel 5.16 以上 6.1.110 未満

Linux Kernel 5.5 以上 5.10.226 未満

Linux Kernel 6.11

Linux Kernel 6.2 以上 6.6.51 未満

Linux Kernel 6.7 以上 6.10.10 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-46743	https://www.cve.org/CVERecord?id=CVE-2024-46743
National Vulnerability Database (NVD)
2	CVE-2024-46743	https://nvd.nist.gov/vuln/detail/CVE-2024-46743

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-125	https://cwe.mitre.org/data/definitions/125.html

ベンダー情報

No	名前	URL
Kernel.org git repositories
1	of/irq: Prevent device address out-of-bounds read in interrupt map walk (7ead730)	https://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d
2	of/irq: Prevent device address out-of-bounds read in interrupt map walk (8ff351e)	https://git.kernel.org/stable/c/8ff351ea12e918db1373b915c4c268815929cbe5
3	of/irq: Prevent device address out-of-bounds read in interrupt map walk (9d1e9f0)	https://git.kernel.org/stable/c/9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5
4	of/irq: Prevent device address out-of-bounds read in interrupt map walk (b739dff)	https://git.kernel.org/stable/c/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305
5	of/irq: Prevent device address out-of-bounds read in interrupt map walk (baaf267)	https://git.kernel.org/stable/c/baaf26723beab3a04da578d3008be3544f83758f
6	of/irq: Prevent device address out-of-bounds read in interrupt map walk (bf68acd)	https://git.kernel.org/stable/c/bf68acd840b6a5bfd3777e0d5aaa204db6b461a9
7	of/irq: Prevent device address out-of-bounds read in interrupt map walk (d2a7949)	https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8
8	of/irq: Prevent device address out-of-bounds read in interrupt map walk (defcaa4)	https://git.kernel.org/stable/c/defcaa426ba0bc89ffdafb799d2e50b52f74ffc4
Linux Kernel
9	Linux Kernel Archives	https://www.kernel.org

その他

No	名前	URL
ICS-CERT ADVISORY
1	ICSA-25-226-07	https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07
JVN
2	JVNVU#92169998	https://jvn.jp/vu/JVNVU92169998/index.html

変更履歴

No	変更内容	変更日
1	[2024年09月24日] 掲載	2024年9月24日14:15
2	[2025年08月19日] 参考情報：JVN (JVNVU#92169998) を追加参考情報：ICS-CERT ADVISORY (ICSA-25-226-07) を追加	2025年8月19日10:02