CVE-2024-47742: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-47742 is a path traversal vulnerability discovered in the Linux kernel's firmware loader component. The vulnerability affects Linux kernel versions from 3.7 through 6.11.2. The issue was identified in the firmware_loader subsystem where certain firmware names containing string components could be passed through from a device or semi-privileged userspace, potentially allowing path traversal attacks (NVD).

The vulnerability exists in the firmware loader's handling of firmware file names. The issue arises when firmware names are constructed from device-supplied strings or semi-privileged userspace input, rather than being hardcoded. Specifically, this affects three main paths: the lpfc_sli4_request_firmware_update() function using ModelName from VPD, the nfp_net_fw_find() function using model names from nfp_hwinfo_lookup, and the module_flash_fw_schedule() function accessible via ETHTOOL_MSG_MODULE_FW_FLASH_ACT netlink command. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

If exploited, this vulnerability could allow an attacker to perform path traversal attacks, potentially accessing files outside the intended firmware directory. For example, an attacker could attempt to access sensitive files like '../../../etc/shadow' through maliciously crafted firmware names (Kernel Patch).

The vulnerability has been patched by implementing a check that rejects any firmware names containing '..' path components. The fix has been applied across multiple kernel versions and is available in the kernel updates. The patch validates firmware names by checking for '..' sequences surrounded by either '/' characters or at the start/end of the string (Kernel Patch).