CVE-2024-35992

phy: marvell: a3700-comphy: Fix out of bounds read

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

phy: marvell: a3700-comphy: Fix out of bounds read

There is an out of bounds read access of 'gbe_phy_init_fix[fix_idx].addr'
every iteration after 'fix_idx' reaches 'ARRAY_SIZE(gbe_phy_init_fix)'.

Make sure 'gbe_phy_init[addr]' is used when all elements of
'gbe_phy_init_fix' array are handled.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: phy: marvell: a3700-comphy: corrección de lectura fuera de los límites. Hay un acceso de lectura fuera de los límites de 'gbe_phy_init_fix[fix_idx].addr' en cada iteración después de que 'fix_idx' alcance ' ARRAY_SIZE(gbe_phy_init_fix)'. Asegúrese de que se utilice 'gbe_phy_init[addr]' cuando se manejen todos los elementos de la matriz 'gbe_phy_init_fix'. Encontrado por el Centro de verificación de Linux (linuxtesting.org) con SVACE.

*Credits: N/A

CVSS Scores

NISTv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-17 CVE Reserved
2024-05-20 CVE Published
2024-05-24 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/934337080c6c59b75db76b180b509f218640ad48	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/976df695f579bbb2914114b4e9974fe4ed1eb813	2024-05-02
https://git.kernel.org/stable/c/610f175d2e16fb2436ba7974b990563002c20d07	2024-05-02
https://git.kernel.org/stable/c/40406dfbc060503d2e0a9e637e98493c54997b3d	2024-05-02
https://git.kernel.org/stable/c/e4308bc22b9d46cf33165c9dfaeebcf29cd56f04	2024-04-05

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 6.1.90 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 6.1.90"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 6.6.30 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 6.6.30"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 6.8.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 6.8.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 6.9"		en		Affected