fkie_cve-2024-57998
Vulnerability from fkie_nvd
Published
2025-02-27 02:15
Modified
2025-02-27 02:15
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: OPP: add index check to assert to avoid buffer overflow in _read_freq() Pass the freq index to the assert function to make sure we do not read a freq out of the opp->rates[] table when called from the indexed variants: dev_pm_opp_find_freq_exact_indexed() or dev_pm_opp_find_freq_ceil/floor_indexed(). Add a secondary parameter to the assert function, unused for assert_single_clk() then add assert_clk_index() which will check for the clock index when called from the _indexed() find functions.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/774dd6f0f0a61c9c3848e025d7d9eeed1a7ca4cd
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7d68c20638e50d5eb4576492a7958328ae445248
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d659bc68ed489022ea33342cfbda2911a81e7a0d
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/da2a6acc73933b7812c94794726e438cde39e037
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/eb6ffa0192ba83ece1a318b956265519c5c7dcec
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nOPP: add index check to assert to avoid buffer overflow in _read_freq()\n\nPass the freq index to the assert function to make sure\nwe do not read a freq out of the opp-\u003erates[] table when called\nfrom the indexed variants:\ndev_pm_opp_find_freq_exact_indexed() or\ndev_pm_opp_find_freq_ceil/floor_indexed().\n\nAdd a secondary parameter to the assert function, unused\nfor assert_single_clk() then add assert_clk_index() which\nwill check for the clock index when called from the _indexed()\nfind functions."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: OPP: agregar comprobaci\u00f3n de \u00edndice a assert para evitar el desbordamiento de b\u00fafer en _read_freq() Pasar el \u00edndice freq a la funci\u00f3n assert para asegurarnos de que no leemos un freq de la tabla opp-\u0026gt;rates[] cuando se llama desde las variantes indexadas: dev_pm_opp_find_freq_exact_indexed() o dev_pm_opp_find_freq_ceil/floor_indexed(). Agregar un par\u00e1metro secundario a la funci\u00f3n assert, no utilizado para assert_single_clk() y luego agregar assert_clk_index() que verificar\u00e1 el \u00edndice del reloj cuando se llame desde las funciones de b\u00fasqueda _indexed()."
    }
  ],
  "id": "CVE-2024-57998",
  "lastModified": "2025-02-27T02:15:13.820",
  "metrics": {},
  "published": "2025-02-27T02:15:13.820",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/774dd6f0f0a61c9c3848e025d7d9eeed1a7ca4cd"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7d68c20638e50d5eb4576492a7958328ae445248"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d659bc68ed489022ea33342cfbda2911a81e7a0d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/da2a6acc73933b7812c94794726e438cde39e037"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/eb6ffa0192ba83ece1a318b956265519c5c7dcec"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.