Home

Description

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix KASAN reported stack out-of-bounds read in tb_retimer_scan() KASAN reported following issue: BUG: KASAN: stack-out-of-bounds in tb_retimer_scan+0xffe/0x1550 [thunderbolt] Read of size 4 at addr ffff88810111fc1c by task kworker/u56:0/11 CPU: 0 UID: 0 PID: 11 Comm: kworker/u56:0 Tainted: G U 6.11.0+ #1387 Tainted: [U]=USER Workqueue: thunderbolt0 tb_handle_hotplug [thunderbolt] Call Trace: <TASK> dump_stack_lvl+0x6c/0x90 print_report+0xd1/0x630 kasan_report+0xdb/0x110 __asan_report_load4_noabort+0x14/0x20 tb_retimer_scan+0xffe/0x1550 [thunderbolt] tb_scan_port+0xa6f/0x2060 [thunderbolt] tb_handle_hotplug+0x17b1/0x3080 [thunderbolt] process_one_work+0x626/0x1100 worker_thread+0x6c8/0xfa0 kthread+0x2c8/0x3a0 ret_from_fork+0x3a/0x80 ret_from_fork_asm+0x1a/0x30 This happens because the loop variable still gets incremented by one so max becomes 3 instead of 2, and this makes the second loop read past the the array declared on the stack. Fix this by assigning to max directly in the loop body.

PUBLISHED Reserved 2024-10-21 | Published 2024-11-09 | Updated 2025-10-01 | Assigner Linux

Product status

Default status
unaffected

ff6ab055e070d819f51196622e08f8941b6d2a4b (git) before 08b2771e9270fbe1ed4fbbe93abe05ac7fe9861d
affected

ff6ab055e070d819f51196622e08f8941b6d2a4b (git) before e9e1b20fae7de06ba36dd3f8dba858157bad233d
affected

Default status
affected

6.11
affected

Any version before 6.11
unaffected

6.11.7 (semver)
unaffected

6.12 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/08b2771e9270fbe1ed4fbbe93abe05ac7fe9861d

git.kernel.org/...c/e9e1b20fae7de06ba36dd3f8dba858157bad233d

cve.org (CVE-2024-50227)

nvd.nist.gov (CVE-2024-50227)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.