ByteOS Network

NVD Vulnerability Details :

CVE-2024-43852

Analyzed

Source-416baaa9-dc9f-4396-8d5f-8c081fb06d67

Published At-17 Aug, 2024 | 10:15

Updated At-20 Aug, 2024 | 19:32

In the Linux kernel, the following vulnerability has been resolved: hwmon: (ltc2991) re-order conditions to fix off by one bug LTC2991_T_INT_CH_NR is 4. The st->temp_en[] array has LTC2991_MAX_CHANNEL (4) elements. Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we have read one element beyond the end of the array. Flip the conditions around so that we check if "channel" is valid before using it as an array index.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CPE Matches

Linux Kernel Organization, Inc

>>linux_kernel>>Versions from 6.7(inclusive) to 6.10.3(exclusive)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-193	Primary	nvd@nist.gov

CWE ID: CWE-193

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://git.kernel.org/stable/c/99bf7c2eccff82760fa23ce967cc67c8c219c6a6	416baaa9-dc9f-4396-8d5f-8c081fb06d67	Patch
https://git.kernel.org/stable/c/c180311c0a520692e2d0e9ca44dcd6c2ff1b41c4	416baaa9-dc9f-4396-8d5f-8c081fb06d67	Patch

Hyperlink: https://git.kernel.org/stable/c/99bf7c2eccff82760fa23ce967cc67c8c219c6a6

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Resource:

Patch

Hyperlink: https://git.kernel.org/stable/c/c180311c0a520692e2d0e9ca44dcd6c2ff1b41c4

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Resource:

Patch

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History