CVE-2024-35992

2024-05-2000:00:00

ubuntu.com

linux kernel

vulnerability

out of bounds read

marvell a3700-comphy

svace

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.5

Confidence

High

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved: phy:
marvell: a3700-comphy: Fix out of bounds read There is an out of bounds
read access of ‘gbe_phy_init_fix[fix_idx].addr’ every iteration after
‘fix_idx’ reaches ‘ARRAY_SIZE(gbe_phy_init_fix)’. Make sure
‘gbe_phy_init[addr]’ is used when all elements of ‘gbe_phy_init_fix’ array
are handled. Found by Linux Verification Center (linuxtesting.org) with
SVACE.

OSVersionArchitecturePackageVersionFilename
ubuntu24.04noarchlinux< 6.8.0-39.39UNKNOWN
ubuntu24.04noarchlinux-aws< 6.8.0-1012.13UNKNOWN
ubuntu22.04noarchlinux-aws-6.5< anyUNKNOWN
ubuntu24.04noarchlinux-azure< anyUNKNOWN
ubuntu22.04noarchlinux-azure-6.5< anyUNKNOWN
ubuntu24.04noarchlinux-gcp< 6.8.0-1011.12UNKNOWN
ubuntu22.04noarchlinux-gcp-6.5< anyUNKNOWN
ubuntu24.04noarchlinux-gke< 6.8.0-1007.10UNKNOWN
ubuntu24.04noarchlinux-ibm< 6.8.0-1009.9UNKNOWN
ubuntu24.04noarchlinux-intel< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	24.04	noarch	linux	< 6.8.0-39.39	UNKNOWN
ubuntu	24.04	noarch	linux-aws	< 6.8.0-1012.13	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< any	UNKNOWN
ubuntu	24.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	22.04	noarch	linux-azure-6.5	< any	UNKNOWN
ubuntu	24.04	noarch	linux-gcp	< 6.8.0-1011.12	UNKNOWN
ubuntu	22.04	noarch	linux-gcp-6.5	< any	UNKNOWN
ubuntu	24.04	noarch	linux-gke	< 6.8.0-1007.10	UNKNOWN
ubuntu	24.04	noarch	linux-ibm	< 6.8.0-1009.9	UNKNOWN
ubuntu	24.04	noarch	linux-intel	< any	UNKNOWN