CVE-2024-49862

The rp->priv->rpi array is either rpimsr or rpitpmi which have NRRAPLPRIMITIVES number of elements. Thus the > needs to be >= to prevent an off by one access.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

98ff639a7289067247b3ef9dd5d1e922361e7365

Fixed

288cbc505e2046638c615c36357cb78bc9fee1e0

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

98ff639a7289067247b3ef9dd5d1e922361e7365

Fixed

851e7f7f14a15f4e47b7d0f70d5c4a2b95b824d6

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

98ff639a7289067247b3ef9dd5d1e922361e7365

Fixed

6a34f3b0d7f11fb6ed72da315fd2360abd9c0737

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

98ff639a7289067247b3ef9dd5d1e922361e7365

Fixed

95f6580352a7225e619551febb83595bcb77ab17

Affected versions

v6.*

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.10.1

v6.10.10

v6.10.11

v6.10.12

v6.10.2

v6.10.3

v6.10.4

v6.10.5

v6.10.6

v6.10.7

v6.10.8

v6.10.9

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.11.1

v6.4

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.5

v6.5-rc1

v6.5-rc2

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.10

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.16

v6.6.17

v6.6.18

v6.6.19

v6.6.2

v6.6.20

v6.6.21

v6.6.22

v6.6.23

v6.6.24

v6.6.25

v6.6.26

v6.6.27

v6.6.28

v6.6.29

v6.6.3

v6.6.30

v6.6.31

v6.6.32

v6.6.33

v6.6.34

v6.6.35

v6.6.36

v6.6.37

v6.6.38

v6.6.39

v6.6.4

v6.6.40

v6.6.41

v6.6.42

v6.6.43

v6.6.44

v6.6.45

v6.6.46

v6.6.47

v6.6.48

v6.6.49

v6.6.5

v6.6.50

v6.6.51

v6.6.52

v6.6.53

v6.6.6

v6.6.7

v6.6.8

v6.6.9

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 191.0,
                "function_hash": "809733372948056867797609301900599159"
            },
            "target": {
                "function": "get_rpi",
                "file": "drivers/powercap/intel_rapl_common.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@851e7f7f14a15f4e47b7d0f70d5c4a2b95b824d6",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-49862-4a409945"
        },
        {
            "digest": {
                "line_hashes": [
                    "81327422020284749373744118059573018223",
                    "9766821139007772029064406913515633601",
                    "143063654730586804918457177604566748433",
                    "181139755430746042912916942563736809427"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "drivers/powercap/intel_rapl_common.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@851e7f7f14a15f4e47b7d0f70d5c4a2b95b824d6",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-49862-dc43a7b1"
        }
    ]
}

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.5.0

Fixed

6.6.54

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.10.13

Type: ECOSYSTEM
Events: Introduced

6.11.0

Fixed

6.11.2