CVE-2024-46747: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46747 is a vulnerability in the Linux kernel affecting the Cougar 500k Gaming Keyboard driver. The issue was discovered when the report_fixup function was not verifying the report descriptor size correctly before accessing it, leading to a slab-out-of-bounds read condition. The vulnerability was reported on September 18, 2024, and affects multiple versions of the Linux kernel (NVD).

The vulnerability is classified as a CWE-125 (Out-of-bounds Read) issue with a CVSS v3.1 base score of 7.1 (HIGH). The technical root cause involves the cougar_report_fixup function in the HID driver not properly validating the size of the report descriptor before attempting to access specific array indices, particularly at positions 115 and 116. The fix involves adding a size check (*rsize >= 117) before accessing the descriptor array (Kernel Patch).

The vulnerability could allow an attacker to cause a slab-out-of-bounds read in the Linux kernel when a Cougar 500k Gaming Keyboard is connected. This could potentially lead to information disclosure and system stability issues (NVD).

The vulnerability has been patched in multiple Linux kernel versions. Fixed versions include 6.8.0-50.51 for Ubuntu 24.04 LTS, 5.15.0-125.135 for Ubuntu 22.04 LTS, and 5.4.0-200.220 for Ubuntu 20.04 LTS. Users are advised to update their systems to the patched kernel versions (Ubuntu Security).