CVE-2024-43852

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

I

n the Linux kernel, the following vulnerability has been resolved: hwmon: (ltc2991) re-order conditions to fix off by one bug LTC2991_T_INT_CH_NR is 4. The st->temp_en[] array has LTC2991_MAX_CHANNEL (4) elements. Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we have read one element beyond the end of the array. Flip the conditions around so that we check if "channel" is valid before using it as an array index.

References

Link	Resource
https://git.kernel.org/stable/c/99bf7c2eccff82760fa23ce967cc67c8c219c6a6	Patch
https://git.kernel.org/stable/c/c180311c0a520692e2d0e9ca44dcd6c2ff1b41c4	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

20 Aug 2024, 19:32

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/99bf7c2eccff82760fa23ce967cc67c8c219c6a6 -~~	() https://git.kernel.org/stable/c/99bf7c2eccff82760fa23ce967cc67c8c219c6a6 - Patch
References	~~() https://git.kernel.org/stable/c/c180311c0a520692e2d0e9ca44dcd6c2ff1b41c4 -~~	() https://git.kernel.org/stable/c/c180311c0a520692e2d0e9ca44dcd6c2ff1b41c4 - Patch
First Time		Linux linux Kernel Linux
CWE		CWE-193
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CPE		cpe:2.3:o:linux:linux_kernel::::::::

19 Aug 2024, 12:59

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-17 10:15

Updated : 2024-08-20 19:32

NVD link : CVE-2024-43852

Mitre link : CVE-2024-43852

CVE.ORG link : CVE-2024-43852

JSON object : View

Products Affected

linux_kernel

CWE

CWE-193

Off-by-one Error

{"id": "CVE-2024-43852", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-08-17T10:15:10.310", "references": [{"url": "https://git.kernel.org/stable/c/99bf7c2eccff82760fa23ce967cc67c8c219c6a6", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c180311c0a520692e2d0e9ca44dcd6c2ff1b41c4", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-193"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ltc2991) re-order conditions to fix off by one bug\n\nLTC2991_T_INT_CH_NR is 4. The st->temp_en[] array has LTC2991_MAX_CHANNEL\n(4) elements. Thus if \"channel\" is equal to LTC2991_T_INT_CH_NR then we\nhave read one element beyond the end of the array. Flip the conditions\naround so that we check if \"channel\" is valid before using it as an array\nindex."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: hwmon: (ltc2991) condiciones de reordenamiento para corregir un error LTC2991_T_INT_CH_NR es 4. La matriz st->temp_en[] tiene elementos LTC2991_MAX_CHANNEL (4). Por lo tanto, si \"canal\" es igual a LTC2991_T_INT_CH_NR entonces hemos le\u00eddo un elemento m\u00e1s all\u00e1 del final de la matriz. Cambie las condiciones para verificar si \"canal\" es v\u00e1lido antes de usarlo como \u00edndice de matriz."}], "lastModified": "2024-08-20T19:32:55.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D", "versionEndExcluding": "6.10.3", "versionStartIncluding": "6.7"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}