Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

An out-of-bounds read flaw was found in pci_dev_for_each_resource() in the Linux Kernel. The pointer in the pci_dev_for_each_resource() may be wrong. For example, it might be used for the out-of-bounds read. This issue was identified by the Coverity static analysis tool, which flagged a pointer (res) that could be used incorrectly, potentially leading to accessing memory outside its bounds.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

In the Linux kernel, the following vulnerability has been resolved: PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource() Coverity complains that pointer in the pci_dev_for_each_resource() may be wrong, i.e., might be used for the out-of-bounds read. There is no actual issue right now because we have another check afterwards and the out-of-bounds read is not being performed. In any case it's better code with this fixed, hence the proposed change. As Jonas pointed out "It probably makes the code slightly less performant as res will now be checked for being not NULL (which will always be true), but I doubt it will be significant (or in any hot paths)."

Уязвимость функции pci_dev_for_each_resource() компонента PCI ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Множественные уязвимости kernel-lt

ELSA-2024-9315: kernel security update (MODERATE)