CVE-2024-53228

Published: Dec 27, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: riscv: kvm: Fix out-of-bounds array access In kvm_riscv_vcpu_sbi_init() the entry->ext_idx can contain an out-of-bound index. This is used as a special marker for the base extensions, that cannot be disabled. However, when traversing the extensions, that special marker is not checked prior indexing the array. Add an out-of-bounds check to the function.

Vendor	Product	Versions
Linux	Linux	affected `56d8a385b60556019ecb45d6098830c9ef6a13e0 - < 3c49e1084a5df99807fc43dd318c491e6cbaa168` affected `56d8a385b60556019ecb45d6098830c9ef6a13e0 - < b1af648f0d610665c956ea4604d9f797e5c7e991` affected `56d8a385b60556019ecb45d6098830c9ef6a13e0 - < 332fa4a802b16ccb727199da685294f85f9880cb`
Linux	Linux	affected `6.7` unaffected `0 - < 6.7` unaffected `6.11.11 - <= 6.11.` unaffected `6.12.2 - <= 6.12.` unaffected `6.13 - <= *`

References

https://git.kernel.org/stable/c/3c49e1084a5df99807fc43dd318c491e6cbaa168

https://git.kernel.org/stable/c/b1af648f0d610665c956ea4604d9f797e5c7e991

https://git.kernel.org/stable/c/332fa4a802b16ccb727199da685294f85f9880cb

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-53228

Description

Affected Products

References