Kernel Vulnerability in Linux RTC Affects System Time Management
CVE-2024-56739
Summary
A critical flaw exists in the Linux kernel's Real-Time Clock (RTC) handling, specifically in the __rtc_read_time function. When the read operation fails, the resulting rtc_time structure may contain uninitialized data or an illegal date/time returned by the RTC hardware. This can lead to an extremely large time value being generated, which may adversely affect systems that have periodic timers in the rtc->timerqueue. Those timers then expire continuously, which can eventually result in kernel softlockups, disrupting the stability and performance of affected systems.
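The failure mode described above, as an added userspace model in C (not kernel code and not the upstream patch), with the unchecked read beside a variant that checks the read's return value. All model_* names, the 0x7f fill standing in for uninitialized stack data, and the loop budget standing in for an unbounded expiry loop are assumptions made for illustration.

```c
/* Added userspace model; every model_* name is hypothetical, not kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct model_tm { int64_t secs; };                  /* stand-in for rtc_time */
struct model_timer { int64_t expires, period; };    /* one periodic timer */

/* Like a failing RTC read: returns an error and leaves *tm untouched. */
static int model_read_time(struct model_tm *tm, int fail)
{
    if (fail)
        return -1;
    tm->secs = 1000;
    return 0;
}

/* Fire and re-arm the timer while it is due; budget bounds the demo loop. */
static int run_timers(struct model_timer *t, int64_t now, int budget)
{
    int fired = 0;
    while (t->expires <= now && fired < budget) {
        t->expires += t->period;
        fired++;
    }
    return fired;
}

/* check=0 ignores the read's return value; check=1 bails out on failure. */
int do_work(int fail, int check, int budget)
{
    struct model_tm tm;
    struct model_timer t = { 1010, 10 };
    int err;

    memset(&tm, 0x7f, sizeof(tm));   /* constructed stale stack contents */
    err = model_read_time(&tm, fail);
    if (check && err)
        return -1;                   /* never touch the timer queue */
    return run_timers(&t, tm.secs, budget);
}

int main(void)
{
    printf("unchecked, read fails: %d expirations\n", do_work(1, 0, 1000));
    printf("checked, read fails:   %d\n", do_work(1, 1, 1000));
    printf("read succeeds:         %d expirations\n", do_work(0, 0, 1000));
    return 0;
}
```

In the unchecked case the timer consumes the whole budget because the garbage "now" is always later than the re-armed expiry; without the budget the loop would not terminate, which is the softlockup condition.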
Affected Version(s)
Linux 6610e0893b8bc6f59b14fed7f089c5997f035f88 < 39ad0a1ae17b54509cd9e93dcd8cec16e7c12d3f
Linux 6610e0893b8bc6f59b14fed7f089c5997f035f88 < 44b3257ff705d63d5f00ef8ed314a0eeb7ec37f2
Linux 6610e0893b8bc6f59b14fed7f089c5997f035f88 < 0d68e8514d9040108ff7d1b37ca71096674b6efe