Fix Underflows in hwmon with kstrtol
CVE-2024-46756

7.8HIGH

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
18 September 2024

What is CVE-2024-46756?

A vulnerability in the Linux kernel's hwmon subsystem specifically impacts the W83627EHF hardware monitoring driver. The issue arises during operations that write limit attributes, which can lead to underflows when a large negative number is input by the user. This scenario typically occurs when invalid data is manipulated via the DIV_ROUND_CLOSEST function following the kstrtol input conversion. This flaw has been addressed by reordering the operations within the clamp_val() and DIV_ROUND_CLOSEST() functions to prevent such underflows, enhancing the overall security of the kernel during hardware monitoring operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 93cf73a7bfdce683bde3a7bb65f270d3bd24497b

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 77ab0fd231c4ca873ec6908e761970360acc6df2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 56cfdeb2c77291f0b5e4592731adfb6ca8fc7c24

References

https://git.kernel.org/stable/c/93cf73a7bfdce683bde3a7bb6...
https://git.kernel.org/stable/c/77ab0fd231c4ca873ec6908e7...
https://git.kernel.org/stable/c/56cfdeb2c77291f0b5e459273...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.