Out-of-bounds Read Affecting kernel-syms package, versions <6.4.0-150600.23.7.1
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-SLES156-KERNELSYMS-7719063
- published 20 Aug 2024
- disclosed 25 Jun 2024
Introduced: 25 Jun 2024
CVE-2024-35992 Open this link in a new tabHow to fix?
Upgrade SLES:15.6
kernel-syms
to version 6.4.0-150600.23.7.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-syms
package and not the kernel-syms
package as distributed by SLES
.
See How to fix?
for SLES:15.6
relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
phy: marvell: a3700-comphy: Fix out of bounds read
There is an out of bounds read access of 'gbe_phy_init_fix[fix_idx].addr' every iteration after 'fix_idx' reaches 'ARRAY_SIZE(gbe_phy_init_fix)'.
Make sure 'gbe_phy_init[addr]' is used when all elements of 'gbe_phy_init_fix' array are handled.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
- https://www.suse.com/security/cve/CVE-2024-35992.html
- https://bugzilla.suse.com/1224555
- https://git.kernel.org/stable/c/40406dfbc060503d2e0a9e637e98493c54997b3d
- https://git.kernel.org/stable/c/610f175d2e16fb2436ba7974b990563002c20d07
- https://git.kernel.org/stable/c/976df695f579bbb2914114b4e9974fe4ed1eb813
- https://git.kernel.org/stable/c/e4308bc22b9d46cf33165c9dfaeebcf29cd56f04