CVE-2024-58007
- ULN >
- Oracle Linux CVE repository >
- CVE-2024-58007
CVE Details
| Release Date: | 2025-02-27 | |
| Impact: | Moderate | What is this? |
Description
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: socinfo: Avoid out of bounds read of serial number On MSM8916 devices, the serial number exposed in sysfs is constant and does not change across individual devices. It's always: db410c:/sys/devices/soc0$ cat serial_number 2644893864 The firmware used on MSM8916 exposes SOCINFO_VERSION(0, 8), which does not have support for the serial_num field in the socinfo struct. There is an existing check to avoid exposing the serial number in that case, but it's not correct: When checking the item_size returned by SMEM, we need to make sure the jdepend-2.9.1-28.el9.src.rpm jdepend-2.9.1-29.el9_5.src.rpm jdepend-2.9.1-32.el9.src.rpm jdependency-1.2-13.el9.src.rpm libXrender-0.9.10-16.el9.src.rpm maven-dependency-analyzer-1.11.3-6.el9.src.rpm maven-dependency-analyzer-1.12.0-2.module+el9+20789+b416fdfa.src.rpm maven-dependency-analyzer-1.12.0-2.module+el9+20796+84711fdc.src.rpm maven-dependency-analyzer-1.13.2-16.module+el9.6.0+90519+3bade6af.src.rpm maven-dependency-analyzer-1.13.2-16.module+el9.6.0+90522+914322c9.src.rpm maven-dependency-plugin-3.1.2-9.el9.src.rpm maven-dependency-plugin-3.3.0-2.module+el9+20789+b416fdfa.src.rpm maven-dependency-plugin-3.3.0-2.module+el9+20796+84711fdc.src.rpm maven-dependency-plugin-3.6.1-13.module+el9.6.0+90519+3bade6af.src.rpm maven-dependency-plugin-3.6.1-13.module+el9.6.0+90522+914322c9.src.rpm maven-dependency-tree-3.0.1-10.el9.src.rpm maven-dependency-tree-3.1.0-2.module+el9+20789+b416fdfa.src.rpm maven-dependency-tree-3.1.0-2.module+el9+20796+84711fdc.src.rpm maven-dependency-tree-3.2.1-17.module+el9.6.0+90519+3bade6af.src.rpm maven-dependency-tree-3.2.1-17.module+el9.6.0+90522+914322c9.src.rpm ocaml-calendar-2.04-39.el9.src.rpm ocaml-calendar-2.04-39.el9.src.rpm.signed ocaml-calendar-2.04-40.el9.src.rpm opendnssec-2.1.10-1.el9.src.rpm opendnssec-2.1.8-4.el9.src.rpm osgi-compendium-7.0.0-12.el9.src.rpm osgi-compendium-7.0.0-13.module+el9+20789+b416fdfa.src.rpm osgi-compendium-7.0.0-13.module+el9+20796+84711fdc.src.rpm osgi-compendium-7.0.0-34.module+el9.6.0+90519+3bade6af.src.rpm osgi-compendium-7.0.0-34.module+el9.6.0+90522+914322c9.src.rpm perl-DateTime-Calendar-Julian-0.103-2.el9.src.rpm perl-Mail-Sender-0.903-16.el9.src.rpm python-readme-renderer-28.0-2.el9.src.rpm python-readme-renderer-44.0-2.el9.src.rpm python-send2trash-1.5.0-1.el9.src.rpm sane-backends-1.0.32-6.el9.src.rpm sane-backends-1.0.32-7.el9.src.rpm sendmail-8.16.1-10.0.1.el9.src.rpm sendmail-8.16.1-10.el9.src.rpm sendmail-8.16.1-11.0.1.el9.src.rpm sendmail-8.16.1-11.el9.src.rpm spacewalk-backend-2.8.48-4.0.1.el9.src.rpm wpebackend-fdo-1.10.0-2.el9.src.rpm wpebackend-fdo-1.10.0-3.el9.src.rpm wpebackend-fdo-1.10.0-3.el9.src.rpm.DoNotUse xcb-util-renderutil-0.3.9-20.el9.src.rpm of the serial_num is within bounds, instead of comparing with the pykickstart-3.32.10-1.0.1.el9.src.rpm pykickstart-3.32.10-1.el9.src.rpm pykickstart-3.32.11-1.0.1.el9.src.rpm pykickstart-3.32.11-1.el9.src.rpm pykickstart-3.32.14-1.0.1.el9.src.rpm pykickstart-3.32.14-1.el9.src.rpm pykickstart-3.32.3-1.0.1.el9_b.src.rpm pykickstart-3.32.3-1.0.2.el9_b.src.rpm pykickstart-3.32.3-1.0.3.el9_b.src.rpm pykickstart-3.32.3-1.el9_b.src.rpm pykickstart-3.32.5-1.0.1.el9.src.rpm pykickstart-3.32.5-1.el9.src.rpm pykickstart-3.32.8-1.0.1.el9.src.rpm pykickstart-3.32.8-1.el9.src.rpm pykickstart-3.32.9-1.0.1.el9.src.rpm pykickstart-3.32.9-1.el9.src.rpm startup-notification-0.12-23.el9.src.rpm offset. The serial_number currently exposed on MSM8916 devices is just an out of bounds read of whatever comes after the socinfo struct in SMEM. Fix this by changing offsetof() to offsetofend(), so that the size of the field is also taken into account.
See more information about CVE-2024-58007 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS metrics and score provided are preliminary and subject to review.
CVSS v3 metrics
| Base Score: | 7.1 |
| Vector String: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
| Version: | 3.1 |
| Attack Vector: | Local |
| Attack Complexity: | Low |
| Privileges Required: | Low |
| User Interaction: | None |
| Scope: | Unchanged |
| Confidentiality Impact: | High |
| Integrity Impact: | None |
| Availability Impact: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 9 (kernel) | ELSA-2025-7423 | 2025-05-22 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
