CVE-2024-41028

NameCVE-2024-41028
DescriptionIn the Linux kernel, the following vulnerability has been resolved: platform/x86: toshiba_acpi: Fix array out-of-bounds access In order to use toshiba_dmi_quirks[] together with the standard DMI matching functions, it must be terminated by a empty entry. Since this entry is missing, an array out-of-bounds access occurs every time the quirk list is processed. Fix this by adding the terminating empty entry.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)bullseye5.10.223-1fixed
bullseye (security)5.10.226-1fixed
bookworm6.1.115-1fixed
bookworm (security)6.1.112-1fixed
trixie6.11.7-1fixed
sid6.11.9-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcebullseye(not affected)
linuxsourcebookworm6.1.106-1
linuxsource(unstable)6.9.10-1

Notes

[bullseye] - linux <not-affected> (Vulnerable code not present)
https://git.kernel.org/linus/b6e02c6b0377d4339986e07aeb696c632cd392aa (6.10)
Search for package or bug name: Reporting problems