CVE-2024-46836

usb: gadget: aspeed_udc: validate endpoint index for ast udc

Published: 9/27/2024 Last updated: 5/4/2025 Reserved: 9/11/2024

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed_udc: validate endpoint index for ast udc We should verify the bound of the array to assure that host may not manipulate the index to point past endpoint array. Found by static analysis.

CNA assigner: Linux (416baaa9-dc9f-4396-8d5f-8c081fb06d67) Requested by: n/a

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (2)

Product	Vendor	Version
Linux	Linux	< c92298d228f61589dd21657af2bea95fc866b813
Linux	Linux	MSM8108

References (4)

https://git.kernel.org/stable/c/31bd4fab49c0adc6228848357c1b1df9395858af
https://git.kernel.org/stable/c/b2a50ffdd1a079869a62198a8d1441355c513c7c
https://git.kernel.org/stable/c/6fe9ca2ca389114c8da66e534c18273497843e8a
https://git.kernel.org/stable/c/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199