CVE-2024-42092

{"id": "CVE-2024-42092", "cveTags": [], "metrics": {}, "published": "2024-07-29T18:15:11.740", "references": [{"url": "https://git.kernel.org/stable/c/2d83492259ad746b655f196cd5d1be4b3d0a3782", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/70b48899f3f23f98a52c5b1060aefbdc7ba7957b", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7aa9b96e9a73e4ec1771492d0527bd5fc5ef9164", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/89d7008af4945808677662a630643b5ea89c6e8d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a8d78984fdc105bc1a38b73e98d32b1bc4222684", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c542e51306d5f1eba3af84daa005826223382470", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cd75721984337c38a12aeca33ba301d31ca4b3fd", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e44a83bf15c4db053ac6dfe96a23af184c9136d9", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: davinci: Validate the obtained number of IRQs\n\nValue of pdata->gpio_unbanked is taken from Device Tree. In case of broken\nDT due to any error this value can be any. Without this value validation\nthere can be out of chips->irqs array boundaries access in\ndavinci_gpio_probe().\n\nValidate the obtained nirq value so that it won't exceed the maximum\nnumber of IRQs per bank.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}, {"lang": "es", "value": " En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: gpio: davinci: valida el n\u00famero de IRQ obtenidos. El valor de pdata->gpio_unbanked se toma del \u00e1rbol de dispositivos. En caso de DT roto debido a alg\u00fan error, este valor puede ser cualquiera. Sin esta validaci\u00f3n de valor, puede haber acceso sin chips->irqs a los l\u00edmites de la matriz en davinci_gpio_probe(). Valide el valor nirq obtenido para que no exceda el n\u00famero m\u00e1ximo de IRQ por banco. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."}], "lastModified": "2024-07-30T13:33:30.653", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}