7.8

CVE-2024-43852

EPSS 0.03%
Veröffentlicht 17.08.2024 10:15:10
Zuletzt bearbeitet 20.08.2024 19:32:55
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

hwmon: (ltc2991) re-order conditions to fix off by one bug

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (ltc2991) re-order conditions to fix off by one bug

LTC2991_T_INT_CH_NR is 4.  The st->temp_en[] array has LTC2991_MAX_CHANNEL
(4) elements.  Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we
have read one element beyond the end of the array.  Flip the conditions
around so that we check if "channel" is valid before using it as an array
index.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 3

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.7 < 6.10.3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.09

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-193 Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

https://git.kernel.org/stable/c/99bf7c2eccff82760fa23ce967cc67c8c219c6a6

Patch

https://git.kernel.org/stable/c/c180311c0a520692e2d0e9ca44dcd6c2ff1b41c4

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-43852

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-43852

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-43852

EUVD