CVE-2024-42092

gpio: davinci: Validate the obtained number of IRQs

Description

In the Linux kernel, the following vulnerability has been resolved: gpio: davinci: Validate the obtained number of IRQs Value of pdata->gpio_unbanked is taken from Device Tree. In case of broken DT due to any error this value can be any. Without this value validation there can be out of chips->irqs array boundaries access in davinci_gpio_probe(). Validate the obtained nirq value so that it won't exceed the maximum number of IRQs per bank. Found by Linux Verification Center (linuxtesting.org) with SVACE.

INFO

Published Date :

2024-07-29T17:35:01.209Z

Last Modified :

2025-11-03T22:01:24.574Z

Source :

Linux

AFFECTED PRODUCTS

The following products are affected by CVE-2024-42092 vulnerability.

Vendors	Products
Linux	Linux Kernel

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-42092.

URL	Resource
https://git.kernel.org/stable/c/2d83492259ad746b655f196cd5d1be4b3d0a3782
https://git.kernel.org/stable/c/70b48899f3f23f98a52c5b1060aefbdc7ba7957b
https://git.kernel.org/stable/c/7aa9b96e9a73e4ec1771492d0527bd5fc5ef9164
https://git.kernel.org/stable/c/89d7008af4945808677662a630643b5ea89c6e8d
https://git.kernel.org/stable/c/a8d78984fdc105bc1a38b73e98d32b1bc4222684
https://git.kernel.org/stable/c/c542e51306d5f1eba3af84daa005826223382470
https://git.kernel.org/stable/c/cd75721984337c38a12aeca33ba301d31ca4b3fd
https://git.kernel.org/stable/c/e44a83bf15c4db053ac6dfe96a23af184c9136d9
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://lore.kernel.org/linux-cve-announce/2024072906-CVE-2024-42092-8375@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-42092
https://www.cve.org/CVERecord?id=CVE-2024-42092

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact