CVE-2024-47663

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-47663
In the Linux kernel, the following vulnerability has been resolved: staging: iio: frequency: ad9834: Validate frequency parameter value In ad9834_write_frequency() clk_get_rate() can return 0. In such case ad9834_calc_freqreg() call will lead to division by zero. Checking 'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0. ad9834_write_frequency() is called from ad9834_write(), where fout is taken from text buffer, which can contain any value. Modify parameters checking. Found by Linux Verification Center (linuxtesting.org) with SVACE.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47 Patch
https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e Patch
https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53 Patch
https://git.kernel.org/stable/c/5edc3a45ef428501000a7b23d0e1777a548907f6
https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227 Patch
https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465 Patch
https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a Patch
https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*
History

08 Nov 2024, 16:15

Type Values Removed Values Added
References
  • () https://git.kernel.org/stable/c/5edc3a45ef428501000a7b23d0e1777a548907f6 -

23 Oct 2024, 16:50

Type Values Removed Values Added
CWE CWE-369
First Time Linux linux Kernel
Linux
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
References () https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47 - () https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47 - Patch
References () https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e - () https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e - Patch
References () https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53 - () https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53 - Patch
References () https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227 - () https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227 - Patch
References () https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465 - () https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465 - Patch
References () https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a - () https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a - Patch
References () https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d - () https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d - Patch
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*

10 Oct 2024, 12:51

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: staging: iio: frequency: ad9834: Validar el valor del parámetro de frecuencia En ad9834_write_frequency(), clk_get_rate() puede devolver 0. En tal caso, la llamada a ad9834_calc_freqreg() dará lugar a una división por cero. La comprobación de 'if (fout > (clk_freq / 2))' no protege en caso de que 'fout' sea 0. ad9834_write_frequency() se llama desde ad9834_write(), donde fout se toma del búfer de texto, que puede contener cualquier valor. Comprobación de modificación de parámetros. Encontrado por Linux Verification Center (linuxtesting.org) con SVACE.

09 Oct 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-09 15:15

Updated : 2024-11-08 16:15

NVD link : CVE-2024-47663

Mitre link : CVE-2024-47663

CVE.ORG link : CVE-2024-47663

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-369

Divide By Zero


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024