Details of VAR-202409-1159

ID

VAR-202409-1159

CVE

CVE-2024-46743

TITLE

Linux of Linux Kernel Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-008764

DESCRIPTION

In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When of_irq_parse_raw() is invoked with a device address smaller than the interrupt parent node (from #address-cells property), KASAN detects the following out-of-bounds read when populating the initial match table (dyndbg="func of_irq_parse_* +p"): OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0 OF: parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2 OF: intspec=4 OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2 OF: -> addrsize=3 ================================================================== BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0 Read of size 4 at addr ffffff81beca5608 by task bash/764 CPU: 1 PID: 764 Comm: bash Tainted: G O 6.1.67-484c613561-nokia_sm_arm64 #1 Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023 Call trace: dump_backtrace+0xdc/0x130 show_stack+0x1c/0x30 dump_stack_lvl+0x6c/0x84 print_report+0x150/0x448 kasan_report+0x98/0x140 __asan_load4+0x78/0xa0 of_irq_parse_raw+0x2b8/0x8d0 of_irq_parse_one+0x24c/0x270 parse_interrupts+0xc0/0x120 of_fwnode_add_links+0x100/0x2d0 fw_devlink_parse_fwtree+0x64/0xc0 device_add+0xb38/0xc30 of_device_add+0x64/0x90 of_platform_device_create_pdata+0xd0/0x170 of_platform_bus_create+0x244/0x600 of_platform_notify+0x1b0/0x254 blocking_notifier_call_chain+0x9c/0xd0 __of_changeset_entry_notify+0x1b8/0x230 __of_changeset_apply_notify+0x54/0xe4 of_overlay_fdt_apply+0xc04/0xd94 ... The buggy address belongs to the object at ffffff81beca5600 which belongs to the cache kmalloc-128 of size 128 The buggy address is located 8 bytes inside of 128-byte region [ffffff81beca5600, ffffff81beca5680) The buggy address belongs to the physical page: page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4 head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0 flags: 0x8000000000010200(slab|head|zone=2) raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300 raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc ================================================================== OF: -> got it ! Prevent the out-of-bounds read by copying the device address into a buffer of sufficient size. Linux of Linux Kernel Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on SINEC OS with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs). Multiple vulnerabilities exist in third-party components prior to SIEMENS SINEC OS V3.2. These vulnerabilities could be exploited to corrupt values, leading to undefined behavior or security issues

Trust: 2.16

sources: NVD: CVE-2024-46743 // JVNDB: JVNDB-2024-008764 // CNVD: CNVD-2025-19350

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-19350

AFFECTED PRODUCTS

vendor:	linux	model:	kernel	scope:	eq	version:	6.11	Trust: 1.8
vendor:	linux	model:	kernel	scope:	gte	version:	5.11	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.20	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	5.4.284	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	5.5	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	6.7	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	6.6.51	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	6.2	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	5.16	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	6.10.10	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	6.1.110	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	5.10.226	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.19.322	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	5.15.167	Trust: 1.0
vendor:	linux	model:	kernel	scope:	eq	version:	5.16 that's all 6.1.110	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	-	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	5.5 that's all 5.10.226	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	6.2 that's all 6.6.51	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	5.11 that's all 5.15.167	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	6.7 that's all 6.10.10	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	4.19.322	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	4.20 that's all 5.4.284	Trust: 0.8
vendor:	siemens	model:	ruggedcom rst2428p	scope:	lt	version:	v3.2	Trust: 0.6
vendor:	siemens	model:	scalance xc-300/xr-300/xc-400/xr-500wg/xr-500 family	scope:	lt	version:	v3.2	Trust: 0.6
vendor:	siemens	model:	scalance xcm-/xrm-/xch-/xrh-300 family	scope:	lt	version:	v3.2	Trust: 0.6

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-008764 // NVD: CVE-2024-46743

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-46743
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-46743
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-19350
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-19350
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2024-46743
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2024-46743
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-008764 // NVD: CVE-2024-46743

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.0
problemtype:	Out-of-bounds read (CWE-125) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-008764 // NVD: CVE-2024-46743

PATCH

title:	Linux Kernel Archives	url:	https://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d	Trust: 0.8
title:	Patch for Multiple vulnerabilities exist in third-party components of SIEMENS SINEC OS V3.2 and earlier	url:	https://www.cnvd.org.cn/patchInfo/show/723061	Trust: 0.6

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-008764

EXTERNAL IDS

db:	NVD	id:	CVE-2024-46743	Trust: 2.6
db:	SIEMENS	id:	SSA-355557	Trust: 1.6
db:	SIEMENS	id:	SSA-398330	Trust: 1.0
db:	SIEMENS	id:	SSA-265688	Trust: 1.0
db:	ICS CERT	id:	ICSA-25-226-07	Trust: 0.8
db:	JVN	id:	JVNVU92169998	Trust: 0.8
db:	JVNDB	id:	JVNDB-2024-008764	Trust: 0.8
db:	CNVD	id:	CNVD-2025-19350	Trust: 0.6

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-008764 // NVD: CVE-2024-46743

REFERENCES

url:	https://cert-portal.siemens.com/productcert/html/ssa-355557.html	Trust: 1.6
url:	https://git.kernel.org/stable/c/9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5	Trust: 1.0
url:	https://git.kernel.org/stable/c/defcaa426ba0bc89ffdafb799d2e50b52f74ffc4	Trust: 1.0
url:	https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html	Trust: 1.0
url:	https://git.kernel.org/stable/c/bf68acd840b6a5bfd3777e0d5aaa204db6b461a9	Trust: 1.0
url:	https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8	Trust: 1.0
url:	https://git.kernel.org/stable/c/8ff351ea12e918db1373b915c4c268815929cbe5	Trust: 1.0
url:	https://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d	Trust: 1.0
url:	https://git.kernel.org/stable/c/baaf26723beab3a04da578d3008be3544f83758f	Trust: 1.0
url:	https://cert-portal.siemens.com/productcert/html/ssa-265688.html	Trust: 1.0
url:	https://git.kernel.org/stable/c/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305	Trust: 1.0
url:	https://cert-portal.siemens.com/productcert/html/ssa-398330.html	Trust: 1.0
url:	https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html	Trust: 1.0
url:	https://jvn.jp/vu/jvnvu92169998/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-46743	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07	Trust: 0.8

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-008764 // NVD: CVE-2024-46743

SOURCES

db:	CNVD	id:	CNVD-2025-19350
db:	JVNDB	id:	JVNDB-2024-008764
db:	NVD	id:	CVE-2024-46743

LAST UPDATE DATE

2026-06-18T19:06:54.242000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-19350	date:	2025-08-22T00:00:00
db:	JVNDB	id:	JVNDB-2024-008764	date:	2025-09-02T06:25:00
db:	NVD	id:	CVE-2024-46743	date:	2026-05-12T12:17:11.290

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-19350	date:	2025-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2024-008764	date:	2024-09-24T00:00:00
db:	NVD	id:	CVE-2024-46743	date:	2024-09-18T08:15:03.540