In the Linux kernel, the following vulnerability has been resolved:
PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port()
Within kirin_pcie_parse_port(), the pcie->num_slots is compared to pcie->gpio_id_reset size (MAX_PCI_SLOTS) which is correct and would lead to an overflow.
Thus, fix condition to pcie->num_slots + 1 >= MAX_PCI_SLOTS and move pcie->num_slots increment below the if-statement to avoid out-of-bounds array access.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
[kwilczynski: commit log]
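The ordering change described in the commit message, shown as an added user-space model that is not the kernel driver's code. The pre-fix ordering (store, increment, then test with `>`), the value 3 for MAX_PCI_SLOTS, the guard entries and all helper names are assumptions made for illustration.

```c
#include <stdio.h>

#define MAX_PCI_SLOTS 3              /* constructed capacity for this model */
#define GUARD 2                      /* spare entries so the model itself stays in bounds */

struct model {
    int num_slots;
    int gpio_id_reset[MAX_PCI_SLOTS + GUARD]; /* the driver's array has MAX_PCI_SLOTS entries */
    int highest;                     /* highest index stored to so far */
};

/* One loop iteration: store at index num_slots, then run the slot-count check.
 * fixed == 0: assumed pre-fix ordering (increment, then test with '>').
 * fixed == 1: ordering from the commit message (test num_slots + 1, then increment).
 * Returns -1 when the check rejects the port. */
static int parse_one(struct model *m, int fixed, int gpio)
{
    int i = m->num_slots;

    m->gpio_id_reset[i] = gpio;
    if (i > m->highest)
        m->highest = i;

    if (fixed) {
        if (m->num_slots + 1 >= MAX_PCI_SLOTS)
            return -1;
        m->num_slots++;
    } else {
        m->num_slots++;
        if (m->num_slots > MAX_PCI_SLOTS)
            return -1;
    }
    return 0;
}

/* Feed nports constructed ports through the loop; return the highest index written. */
int highest_index_written(int fixed, int nports)
{
    struct model m = { .num_slots = 0, .highest = -1 };

    for (int n = 0; n < nports; n++)
        if (parse_one(&m, fixed, 100 + n) < 0)
            break;
    return m.highest;
}

int main(void)
{
    printf("capacity=%d old=%d fixed=%d\n", MAX_PCI_SLOTS,
           highest_index_written(0, 8), highest_index_written(1, 8));
    return 0;
}
```

In the model, the assumed pre-fix ordering stores to index MAX_PCI_SLOTS, one element past the end of a MAX_PCI_SLOTS-sized array, before the check fires. The ordering from the commit message stops with every store inside the array.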