SB20241022200 - Off-by-one in Linux kernel powercap driver
Published: October 22, 2024 Updated: May 12, 2025
Security Bulletin ID
SB20241022200
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Off-by-one (CVE-ID: CVE-2024-49862)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the get_rpi() function in drivers/powercap/intel_rapl_common.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/288cbc505e2046638c615c36357cb78bc9fee1e0
- https://git.kernel.org/stable/c/851e7f7f14a15f4e47b7d0f70d5c4a2b95b824d6
- https://git.kernel.org/stable/c/6a34f3b0d7f11fb6ed72da315fd2360abd9c0737
- https://git.kernel.org/stable/c/95f6580352a7225e619551febb83595bcb77ab17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.54