Underflow Fix in Linux Kernel's hwmon Module
CVE-2024-46758

7.8HIGH

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
18 September 2024

What is CVE-2024-46758?

The vulnerability in the Linux kernel's hwmon module for the lm95234 component arises when writing limit attributes, triggered by user-provided input. Specifically, it can lead to an underflow when a large negative number, such as -9223372036854775808, is processed. The issue is addressed by adjusting the order of operations in the clamp_val() and DIV_ROUND_CLOSEST() functions, ensuring the kernel can handle extreme values more securely. The resolution emphasizes the need for developers to validate user inputs rigorously, mitigating potential exploits that target flaws in the handling of numeric limits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 93f0f5721d0cca45dac50af1ae6f9a9826c699fd

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 438453dfbbdcf4be26891492644aa3ecbb42c336

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 59c1fb9874a01c9abc49a0a32f192a7e7b4e2650

References

https://git.kernel.org/stable/c/93f0f5721d0cca45dac50af1a...
https://git.kernel.org/stable/c/438453dfbbdcf4be268914926...
https://git.kernel.org/stable/c/59c1fb9874a01c9abc49a0a32...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.