In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed_udc: validate endpoint index for ast udc We should verify the bound of the array to assure that host may not manipulate the index to point past endpoint array. Found by static analysis.
History

Wed, 09 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Weaknesses CWE-129
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Sun, 29 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 28 Sep 2024 01:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Fri, 27 Sep 2024 12:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed_udc: validate endpoint index for ast udc We should verify the bound of the array to assure that host may not manipulate the index to point past endpoint array. Found by static analysis.
Title usb: gadget: aspeed_udc: validate endpoint index for ast udc
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-09-27T12:39:32.432Z

Updated: 2024-12-19T09:24:22.009Z

Reserved: 2024-09-11T15:12:18.287Z

Link: CVE-2024-46836

cve-icon Vulnrichment

Updated: 2024-09-29T14:03:17.927Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-27T13:15:15.780

Modified: 2024-10-09T15:47:55.187

Link: CVE-2024-46836

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-09-27T00:00:00Z

Links: CVE-2024-46836 - Bugzilla