CVE-2024-56662
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2024-56662 is a vulnerability in the Linux kernel's acpi:nfit component. The issue was identified using the KASAN kernel memory checking tool and involves an out-of-bounds read in the function acpi_nfit_ctl. The problem occurred because the nd_reserved2 array of call_pkg was accessed without first verifying that call_pkg pointed to a correctly sized buffer. Unsafe access to this array could result in undefined behavior and potential security risks. To mitigate this issue, a check was added to acpi_nfit_ctl() that verifies the buf argument is not NULL and that buf_len is not less than sizeof(*call_pkg) before call_pkg is accessed. This modification ensures safe access to call_pkg members, preventing the out-of-bounds read.
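The length check described above, as an added user-space C example that is not the kernel's code. The struct layout (apart from the nd_reserved2 name), the function names and the -EINVAL return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the call package header. The layout is an
 * assumption for this example; only the nd_reserved2 name is from the page. */
struct call_pkg_model {
    uint64_t family;
    uint64_t command;
    uint32_t size_in;
    uint32_t size_out;
    uint32_t nd_reserved2[9];
    uint32_t fw_size;
};

/* Scans the reserved words; the caller must pass a complete header. */
static int reserved_is_clear(const struct call_pkg_model *pkg)
{
    size_t n = sizeof(pkg->nd_reserved2) / sizeof(pkg->nd_reserved2[0]);

    for (size_t i = 0; i < n; i++)
        if (pkg->nd_reserved2[i])
            return 0;
    return 1;
}

/* Returns the command number, or -EINVAL (assumed error code) on bad input. */
int ctl_call_checked(const void *buf, size_t buf_len)
{
    struct call_pkg_model pkg;

    /* Reject a missing or short buffer before any member is read. Without
     * this, the scan above would read past the end of the caller's buffer. */
    if (!buf || buf_len < sizeof(pkg))
        return -EINVAL;

    memcpy(&pkg, buf, sizeof(pkg)); /* bounded, alignment-safe copy */
    return reserved_is_clear(&pkg) ? (int)pkg.command : -EINVAL;
}

int main(void)
{
    unsigned char short_buf[16] = {0}; /* constructed: shorter than the header */

    printf("short buffer -> %d\n", ctl_call_checked(short_buf, sizeof(short_buf)));
    return 0;
}
```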