LiveActive security incident?Get immediate response
CVE Record

CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk

In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When of_irq_parse_raw() is invoked with a device address smaller than the interrupt parent node (from #address-cells property), KASAN detects the following out-of-bounds read when populating the initial match table (dyndbg="func of_irq_parse_* +p"): OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0 OF: parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2 OF: intspec=4 OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2 OF: -> addrsize=3 ================================================================== BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw+0x2b8/0x8d0 Read of size 4 at addr ffffff81beca5608 by task bash/764 CPU: 1 PID: 764 Comm: bash Tainted: G O 6.1.67-484c613561-nokia_sm_arm64 #1 Hardware name: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023 Call trace: dump_backtrace+0xdc/0x130 show_stack+0x1c/0x30 dump_stack_lvl+0x6c/0x84 print_report+0x150/0x448 kasan_report+0x98/0x140 __asan_load4+0x78/0xa0 of_irq_parse_raw+0x2b8/0x8d0 of_irq_parse_one+0x24c/0x270 parse_interrupts+0xc0/0x120 of_fwnode_add_links+0x100/0x2d0 fw_devlink_parse_fwtree+0x64/0xc0 device_add+0xb38/0xc30 of_device_add+0x64/0x90 of_platform_device_create_pdata+0xd0/0x170 of_platform_bus_create+0x244/0x600 of_platform_notify+0x1b0/0x254 blocking_notifier_call_chain+0x9c/0xd0 __of_changeset_entry_notify+0x1b8/0x230 __of_changeset_apply_notify+0x54/0xe4 of_overlay_fdt_apply+0xc04/0xd94 ... The buggy address belongs to the object at ffffff81beca5600 which belongs to the cache kmalloc-128 of size 128 The buggy address is located 8 bytes inside of 128-byte region [ffffff81beca5600, ffffff81beca5680) The buggy address belongs to the physical page: page:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1beca4 head:00000000230d3d03 order:1 compound_mapcount:0 compound_pincount:0 flags: 0x8000000000010200(slab|head|zone=2) raw: 8000000000010200 0000000000000000 dead000000000122 ffffff810000c300 raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffff81beca5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc ================================================================== OF: -> got it ! Prevent the out-of-bounds read by copying the device address into a buffer of sufficient size.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

CVE-2024-46743 is a Linux kernel memory-safety bug in device-tree interrupt parsing. A malformed or mismatched device-tree address can make the kernel read past a buffer. Public sources show kernel fixes and downstream advisories, but no CVSS score or confirmed exploitation.

Executive priority

Treat this as a targeted kernel maintenance issue, not an internet-wide emergency based on current evidence. Escalate priority for products where customers, operators, or update mechanisms can influence device-tree overlays.

Technical view

The flaw is in of_irq_parse_raw() during interrupt map walking. If a device address is smaller than the interrupt parent node’s #address-cells value, the initial match table population can trigger a KASAN-detected slab out-of-bounds read. The kernel fix copies the device address into a sufficiently sized buffer.

Likely exposure

Exposure is most likely on Linux systems using affected kernel versions and device-tree based hardware descriptions, especially embedded, appliance, industrial, or ARM-style platforms. Systems that accept or apply device-tree overlays deserve closer review.

Exploitation context

The bundle does not show KEV listing, active exploitation, public exploit use, CVSS, or a clear attacker prerequisite. The observed trace involves device-tree overlay application and KASAN detection, so exploitation context remains incomplete.

Researcher notes

Evidence supports an out-of-bounds read in Open Firmware interrupt parsing and kernel-stable remediations. The bundle does not establish privilege requirements, remote reachability, exploitability beyond read behavior, or practical impact outside affected device-tree parsing paths.

Mitigation direction

  • Apply vendor kernel updates that include the stable fixes for CVE-2024-46743.
  • Prioritize embedded, appliance, and industrial Linux systems using device-tree overlays.
  • Review Debian LTS and Siemens advisories if those ecosystems are in scope.
  • If no package is available, follow the Linux vendor’s backport guidance.
  • Restrict who can load or apply device-tree overlays.

Validation and detection

  • Inventory Linux kernel versions across exposed and embedded assets.
  • Check vendor changelogs for CVE-2024-46743 or the listed stable commits.
  • Confirm whether systems use device-tree overlays or custom hardware descriptions.
  • Review kernel logs for related KASAN or of_irq_parse_raw findings.
  • Verify downstream advisories applicable to Debian or Siemens-managed products.
Prepared
Confidence
medium
Sources
12

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-46743 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
3ADP providers
14Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
siemens-SADPADP container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxcc9fd71c62f542233c412b5fabc1bbe0c4d5ad08, cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08, cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08, cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08, cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08, cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08, cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08, cc9fd71c62f542233c412b5fabc1bbe0c4d5ad08unaffected
LinuxLinux2.6.18, 0, 4.19.322, 5.4.284, 5.10.226, 5.15.167, 6.1.110, 6.6.51, 6.10.10, 6.11affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.