CVE-2024-46743

7.1 HIGH

📋 TL;DR

This CVE describes an out-of-bounds read vulnerability in the Linux kernel's OpenFirmware interrupt parsing code. When of_irq_parse_raw() is called with a device address smaller than the address size of the interrupt parent node (its #address-cells property), it can read beyond allocated memory boundaries. This affects Linux systems using device tree configurations.
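The bug class described above, as a simplified user-space model added here for illustration (not kernel code and not the upstream patch): the unchecked routine reads as many cells as the parent's address size, while the checked one first copies the device address into a zeroed fixed-size buffer. The function names and MAX_ADDR_CELLS are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ADDR_CELLS 3 /* assumed upper bound on address cells in this model */

/* Before: trusts that `addr` holds `parent_cells` cells. If the device
 * address is shorter than the parent's #address-cells, addr[i] reads past
 * the end of the property buffer (the out-of-bounds read). */
static void build_match_unchecked(const uint32_t *addr, size_t parent_cells,
                                  uint32_t *match)
{
    for (size_t i = 0; i < parent_cells; i++)
        match[i] = addr ? addr[i] : 0;
}

/* After: copy the device address into a zeroed buffer big enough for any
 * accepted parent address size, clamping to the bytes actually present. */
static int build_match_checked(const uint32_t *addr, size_t addr_len_bytes,
                               size_t parent_cells, uint32_t *match)
{
    uint32_t addr_buf[MAX_ADDR_CELLS] = { 0 };

    if (parent_cells > MAX_ADDR_CELLS)
        return -1;                          /* size the buffer cannot hold */
    if (addr_len_bytes > sizeof(addr_buf))
        addr_len_bytes = sizeof(addr_buf);  /* never copy more than fits */
    if (addr)
        memcpy(addr_buf, addr, addr_len_bytes);
    build_match_unchecked(addr_buf, parent_cells, match); /* now in bounds */
    return 0;
}

/* Constructed sample: one-cell device address, parent expects three cells. */
int demo_short_address(uint32_t match[MAX_ADDR_CELLS])
{
    const uint32_t reg[1] = { 0x1000 };
    return build_match_checked(reg, sizeof(reg), 3, match);
}

int main(void)
{
    uint32_t m[MAX_ADDR_CELLS];
    if (demo_short_address(m) != 0)
        return 1;
    printf("match = %#x %#x %#x\n", (unsigned)m[0], (unsigned)m[1], (unsigned)m[2]);
    return 0;
}
```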

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated, but references indicate stable kernel patches from 6.1.67 and other versions
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires device tree configuration and interrupt parsing functionality. Systems using OpenFirmware/device tree are primarily affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel memory corruption leading to system crash, denial of service, or potential information disclosure of kernel memory contents.

🟠 Likely Case: System instability, kernel panic, or denial of service when processing malformed device tree configurations.

🟢 If Mitigated: With proper kernel hardening and KASAN enabled, the out-of-bounds read is detected and prevented, causing controlled failure.

🌐 Internet-Facing: LOW - This vulnerability requires local access or ability to modify device tree configurations.
🏢 Internal Only: MEDIUM - Local attackers or privileged users could potentially trigger this vulnerability to cause system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM - Requires understanding of device tree configuration and kernel internals

The vulnerability was discovered through KASAN detection during normal kernel operations, not through active exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel trees (commits: 7ead730af11e, 8ff351ea12e9, 9d1e9f0876b0, b739dffa5d57, baaf26723bea)

Vendor Advisory: https://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d

Restart Required: Yes

Instructions:

  1. Update to a patched kernel version from your distribution vendor.
  2. Apply the specific kernel patch if compiling from source.
  3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable device tree overlay application (Linux)

Prevent dynamic device tree modifications that could trigger the vulnerability:

echo 0 > /sys/kernel/config/device-tree/overlays/enable

🧯 If You Can't Patch

  • Restrict access to device tree configuration and overlay functionality
  • Enable kernel hardening features like KASAN to detect and prevent exploitation

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if device tree overlays are being used. Vulnerable if using affected kernel versions with device tree functionality.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated beyond the patched versions. Check that of_irq_parse_raw function has the buffer size validation fix.

📡 Detection & Monitoring

Log Indicators:

  • KASAN reports of out-of-bounds reads in of_irq_parse_raw
  • Kernel panic messages related to interrupt parsing
  • System crashes during device tree operations

Network Indicators:

  • None - this is a local kernel vulnerability

SIEM Query:

kernel: "BUG: KASAN: slab-out-of-bounds in of_irq_parse_raw" OR kernel: "of_irq_parse_raw+0x2b8/0x8d0"
