CVE-2024-46823

kunit/overflow: Fix UB in overflow_allocation_test

Description

In the Linux kernel, the following vulnerability has been resolved: kunit/overflow: Fix UB in overflow_allocation_test The 'device_name' array doesn't exist out of the 'overflow_allocation_test' function scope. However, it is being used as a driver name when calling 'kunit_driver_create' from 'kunit_device_register'. It produces the kernel panic with KASAN enabled. Since this variable is used in one place only, remove it and pass the device name into kunit_device_register directly as an ascii string.

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/cacce7faa7c475cea55e82cc3a27794561fac157
https://git.kernel.org/stable/c/99ddb9c58511f1b71e23d02a06082bf6d2dd2133
https://git.kernel.org/stable/c/d1207f07decc66546a7fa463d2f335a856c986ef patch
https://git.kernel.org/stable/c/92e9bac18124682c4b99ede9ee3bcdd68f121e92 patch

Frequently Asked Questions

What is the severity of CVE-2024-46823?
CVE-2024-46823 has been scored as a medium severity vulnerability.
How to fix CVE-2024-46823?
To fix CVE-2024-46823, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-46823 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-46823 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-46823?
CVE-2024-46823 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.