Improper Handling of Clock Data in Linux Kernel by MediaTek
CVE-2024-56684

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
28 December 2024

What is CVE-2024-56684?

This vulnerability pertains to the Linux kernel's mailbox subsystem, specifically within the MediaTek implementation. It arises from an incorrect usage of the 'sizeof' operator in the cmdq_get_clocks() function, where the size of the clk_bulk_data structure should be calculated instead of the data pointer passed to the devm_kcalloc() function. This miscalculation can potentially result in memory corruption or improper memory allocation. Addressing this issue is critical to maintain the integrity and security of affected MediaTek products.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux aa1609f571caba0db102c611829d48adf226bb70 < 31986fad0cfdda8d8893230da04f5eb0774854d9

Linux aa1609f571caba0db102c611829d48adf226bb70

Linux aa1609f571caba0db102c611829d48adf226bb70 < 271ee263cc8771982809185007181ca10346fe73

References

https://git.kernel.org/stable/c/31986fad0cfdda8d8893230da...
https://git.kernel.org/stable/c/a9c7cb960fc6e056ebecebd13...
https://git.kernel.org/stable/c/271ee263cc877198280918500...

Timeline

  • Vulnerability published

JSON
.