CVE-2024-46743: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46743 is a vulnerability in the Linux kernel's device tree and open firmware driver that was discovered and disclosed in September 2024. The vulnerability involves an out-of-bounds read condition in the interrupt map walk functionality when of_irq_parse_raw() is invoked with a device address smaller than the interrupt parent node (NVD).

The vulnerability occurs in the Linux kernel's of/irq subsystem when processing device addresses during interrupt mapping. Specifically, when of_irq_parse_raw() is called with a device address smaller than the interrupt parent node (derived from #address-cells property), it can trigger an out-of-bounds read. The issue has been assigned a CVSS v3.1 base score of 7.1 HIGH with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H (NVD).

The vulnerability could lead to an out-of-bounds read in the kernel memory, potentially exposing sensitive information. The KASAN (Kernel Address Sanitizer) detects this as a slab-out-of-bounds read, which could result in information disclosure or system instability (Kernel Patch).

The issue has been patched by implementing a fix that copies the device address into a buffer of sufficient size, preventing the out-of-bounds read. The fix involves modifying the of_irq_parse_one() function to properly handle address size limitations (Kernel Patch).