CVE-2024-46743: Vulnerability in Linux (Linux kernel)
In the Linux kernel, the following vulnerability has been resolved:

of/irq: Prevent device address out-of-bounds read in interrupt map walk

When of_irq_parse_raw() is invoked with a device address smaller than the interrupt parent node (from #address-cells property), KASAN detects the following out-of-bounds read when populating the initial match table (dyndbg="func of_irq_parse_* +p"):

OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0
OF:  parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2
OF:  intspec=4
OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2
OF:  -> addrsize=3
==================================================================
BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0
Read of size 4 at addr ffffff81beca5608 by task bash/764

CPU: 1 PID: 764 Comm: bash Tainted: G O 6.1.67-484c613561-nokia_sm_arm64 #1
Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023
Call trace:
 dump_backtrace+0xdc/0x130
 show_stack+0x1c/0x30
 dump_stack_lvl+0x6c/0x84
 print_report+0x150/0x448
 kasan_report+0x98/0x140
 __asan_load4+0x78/0xa0
 of_irq_parse_raw+0x2b8/0x8d0
 of_irq_parse_one+0x24c/0x270
 parse_interrupts+0xc0/0x120
 of_fwnode_add_links+0x100/0x2d0
 fw_devlink_parse_fwtree+0x64/0xc0
 device_add+0xb38/0xc30
 of_device_add+0x64/0x90
 of_platform_device_create_pdata+0xd0/0x170
 of_platform_bus_create+0x244/0x600
 of_platform_notify+0x1b0/0x254
 blocking_notifier_call_chain+0x9c/0xd0
 __of_changeset_entry_notify+0x1b8/0x230
 __of_changeset_apply_notify+0x54/0xe4
 of_overlay_fdt_apply+0xc04/0xd94
 ...

The buggy address belongs to the object at ffffff81beca5600
 which belongs to the cache kmalloc-128 of size 128
The buggy address is located 8 bytes inside of
 128-byte region [ffffff81beca5600, ffffff81beca5680)

The buggy address belongs to the physical page:
page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4
head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0
flags: 0x8000000000010200(slab|head|zone=2)
raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300
raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                      ^
 ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
==================================================================
OF:  -> got it !

Prevent the out-of-bounds read by copying the device address into a buffer of sufficient size.
AI Analysis
Technical Summary
CVE-2024-46743 is a slab out-of-bounds read in the Linux kernel's device tree (Open Firmware) interrupt parsing code, in of_irq_parse_raw() (drivers/of/irq.c). The function walks a device's interrupt-parent chain and any interrupt-map properties along the way to translate the specifier from the device's "interrupts" property into an interrupt on the final controller; it runs on every platform described by a device tree, which includes most ARM and arm64 embedded boards and many RISC-V and PowerPC systems. To match interrupt-map entries it first builds an initial match table consisting of the device's unit address followed by the interrupt specifier. The number of address cells it copies, addrsize, comes from the #address-cells property of the interrupt parent node (or the nearest ancestor that defines one), while the cells it copies from are the device's own "reg" entry, whose length is governed by the #address-cells of the device's parent bus. When the interrupt parent sits under a bus with more address cells than the device's bus, the copy reads past the end of the device address. In the report a watchdog under /soc@0/picasso names a GPIO controller under a PCI bus as its interrupt parent, so addrsize is 3 while the device supplies a two-cell address; KASAN flags a 4-byte read at offset 8 of the object, and its shadow map marks only the first 8 bytes of that object as accessible, i.e. the read is exactly one cell past the two-cell address. On a production kernel without KASAN the read stays inside the slab slot and does not fault; the match table simply receives whatever bytes follow the address, so the interrupt-map walk may match the wrong entry or fail. The fix copies the device address into a buffer large enough for the parent's address size before populating the match table, so the copy is bounded by the address's own length. The call trace shows the path device_add() -> fw_devlink_parse_fwtree() -> parse_interrupts() -> of_irq_parse_one() -> of_irq_parse_raw(), reached here through of_overlay_fdt_apply() from a shell process, so the condition is hit during device creation at boot or when a device tree overlay is applied. No exploitation in the wild has been reported. Triggering the bug requires control over the device tree the kernel consumes, which normally belongs to the boot firmware or to a privileged process applying overlays, and the tree need not be malformed in the sense of failing validation: it only has to give a device an interrupt parent whose bus uses more address cells than the device's own.
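The following model shows the shape of the bug and of the fix described above. It is an added example, not the kernel's code: the match-table population is reduced to the cell copy, the device address is read through a bounds-checked accessor so the program can count the out-of-bounds reads that KASAN reported, and the "reg" cell values, the 0xdeadbeef stand-in for stray slab bytes, and the function names are constructed for the example. MAX_PHANDLE_ARGS (16) is the kernel's own limit.

```c
/* Model of the initial-match-table population in of_irq_parse_raw().
 * Added example, not the kernel's code: it keeps the shape of the bug
 * (cells copied = interrupt parent's #address-cells, source = device "reg")
 * and of the fix in the commit message (copy the device address into a
 * buffer of sufficient size first). Device-address reads are bounds-checked
 * so the model counts what KASAN reported. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PHANDLE_ARGS 16   /* the kernel's limit on phandle argument cells */

typedef uint32_t cell_t;      /* one device tree cell; byte order is irrelevant here */

/* The device address as it reaches the parser: the cells of the device's
 * "reg" property and how many of them the property actually holds. */
struct dev_addr {
    const cell_t *cells;
    int ncells;
};

/* Bounds-checked read standing in for KASAN: an index past ncells is counted
 * and yields a stand-in (0xdeadbeef) for whatever bytes follow in the slab object. */
static cell_t addr_cell(const struct dev_addr *a, int i, int *oob_reads)
{
    if (i < 0 || i >= a->ncells) {
        (*oob_reads)++;
        return 0xdeadbeef;
    }
    return a->cells[i];
}

/* Vulnerable shape: addrsize (the interrupt parent's #address-cells) is used
 * directly as the number of cells to pull from the device address. */
static int populate_match_vuln(const struct dev_addr *a, int addrsize,
                               cell_t out[MAX_PHANDLE_ARGS], int *oob_reads)
{
    if (addrsize < 0 || addrsize > MAX_PHANDLE_ARGS)
        return -1;
    for (int i = 0; i < addrsize; i++)
        out[i] = addr_cell(a, i, oob_reads);   /* over-reads when ncells < addrsize */
    return 0;
}

/* Fixed shape: copy the device address, bounded by its own length, into a
 * zeroed buffer of sufficient size, then take addrsize cells from that buffer. */
static int populate_match_fixed(const struct dev_addr *a, int addrsize,
                                cell_t out[MAX_PHANDLE_ARGS], int *oob_reads)
{
    cell_t addr_buf[MAX_PHANDLE_ARGS] = {0};

    if (addrsize < 0 || addrsize > MAX_PHANDLE_ARGS || a->ncells > MAX_PHANDLE_ARGS)
        return -1;
    for (int i = 0; i < a->ncells; i++)
        addr_buf[i] = addr_cell(a, i, oob_reads);   /* never indexes past ncells */
    memcpy(out, addr_buf, (size_t)addrsize * sizeof(cell_t));
    return 0;
}

/* One scenario: a device whose "reg" holds dev_cells address cells and an
 * interrupt parent with #address-cells = addrsize. Returns -1 if the sizes are
 * rejected, otherwise the number of out-of-bounds cell reads; the resulting
 * match table is left in out[]. The reg cells are constructed sample values. */
int run_case(bool fixed, int dev_cells, int addrsize, cell_t out[MAX_PHANDLE_ARGS])
{
    static const cell_t reg[4] = { 0x17, 0x0, 0x1000, 0x0 };
    struct dev_addr a = { reg, dev_cells };
    int oob_reads = 0, rc;

    if (dev_cells < 0 || dev_cells > 4)
        return -1;
    memset(out, 0, MAX_PHANDLE_ARGS * sizeof(cell_t));
    rc = fixed ? populate_match_fixed(&a, addrsize, out, &oob_reads)
               : populate_match_vuln(&a, addrsize, out, &oob_reads);
    return rc < 0 ? -1 : oob_reads;
}

/* Wrappers that return a single value for a scenario. */
int oob_count(bool fixed, int dev_cells, int addrsize)
{
    cell_t out[MAX_PHANDLE_ARGS];
    return run_case(fixed, dev_cells, addrsize, out);
}

cell_t match_cell(bool fixed, int dev_cells, int addrsize, int i)
{
    cell_t out[MAX_PHANDLE_ARGS];
    if (i < 0 || i >= MAX_PHANDLE_ARGS || run_case(fixed, dev_cells, addrsize, out) < 0)
        return 0;
    return out[i];
}

int main(void)
{
    /* The reported layout: 2-cell device address, interrupt parent under a
     * PCI bus with #address-cells = 3. */
    printf("vulnerable: %d out-of-bounds cell read(s), third cell %#x\n",
           oob_count(false, 2, 3), (unsigned)match_cell(false, 2, 3, 2));
    printf("fixed:      %d out-of-bounds cell read(s), third cell %#x\n",
           oob_count(true, 2, 3), (unsigned)match_cell(true, 2, 3, 2));
    return 0;
}
```

The vulnerable path performs one over-read for the reported layout (two device cells, addrsize 3) and leaves a stray value in the third match cell; the fixed path performs none and zero-pads, which is what makes the interrupt-map comparison deterministic. The same model also covers the reverse case (device address longer than addrsize), where the fixed copy truncates to addrsize, and rejects an addrsize above MAX_PHANDLE_ARGS, as the kernel's existing size check does.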
Potential Impact
The practical impact is bounded by how the bug is reached. The device tree is trusted input that the kernel receives from the boot firmware or from a privileged overlay operation, so this is not a remotely reachable flaw and it grants no privilege escalation or code execution. For European organizations the exposure is concentrated in embedded and specialised Linux deployments that describe their hardware with a device tree: telecommunications equipment, industrial control systems, automotive platforms and IoT devices, many of them arm64 boards. Two outcomes are possible. On a kernel built with KASAN (debug and test builds) the out-of-bounds read is reported and, depending on the kernel's panic settings, the machine may halt, which matters in validation and CI pipelines. On a production kernel the read stays inside the slab slot and does not fault; the initial match table picks up stray bytes, so the interrupt-map walk for the affected device can resolve to the wrong interrupt or fail, which shows up as a device not receiving interrupts or as unexpected behaviour during boot or overlay application. An outage caused by this bug is therefore more likely to look like a device initialisation failure than a crash. No exploitation in the wild is known, and the trigger is a particular device tree layout (a device whose interrupt parent uses more address cells than the device's own bus) rather than something an unprivileged user can supply, so the risk is mainly operational reliability on affected boards and a reason to pick up the fix in the next kernel or firmware update.
Mitigation Recommendations
Apply the kernel update that contains the fix ("of/irq: Prevent device address out-of-bounds read in interrupt map walk"), and check the stable tree for your kernel series for the backport rather than waiting for a major version bump. For embedded devices whose kernel comes from a board support package, request a firmware update from the vendor. Independently of patching, check the device tree for the triggering layout: a device whose interrupt parent (directly or through an interrupt-map) is a node under a bus with more #address-cells than the device's own parent bus, as in the report, where a watchdog under /soc@0/picasso pointed at a GPIO controller under a PCI bus with three address cells. The tree need not be malformed for this to happen, so a syntax check with dtc is not enough; compare the cell counts. Run device tree and overlay tests on a KASAN-enabled kernel in development and CI, which is how this report was produced; KASAN is a debugging tool with heavy overhead, not a production hardening feature, and production kernels will not log these reports, so watching production logs for them is not a useful detection. On production systems the relevant control is who can change the device tree: protect the boot firmware and DTB with the platform's secure boot or signed image mechanism, and restrict the interfaces that apply overlays at runtime to administrators. Finally, keep an inventory of device tree based Linux devices so that kernel fixes of this kind reach them through the normal patch process.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-09-11T15:12:18.264Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9826c4522896dcbe117c
Added to database: 5/21/2025, 9:08:54 AM
Last enriched: 6/29/2025, 1:10:50 AM
Last updated: 8/11/2025, 8:58:59 PM
Related Threats
- CVE-2025-8885: CWE-770 Allocation of Resources Without Limits or Throttling in Legion of the Bouncy Castle Inc. Bouncy Castle for Java (Medium)
- CVE-2025-26398: CWE-798 Use of Hard-coded Credentials in SolarWinds Database Performance Analyzer (Medium)
- CVE-2025-41686: CWE-306 Missing Authentication for Critical Function in Phoenix Contact DaUM (High)
- CVE-2025-8874: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in litonice13 Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations (Medium)
- CVE-2025-8767: CWE-1236 Improper Neutralization of Formula Elements in a CSV File in anwppro AnWP Football Leagues (Medium)