Bug 2333984 (CVE-2024-53159)
| Summary: | CVE-2024-53159 kernel: hwmon: (nct6775-core) Fix overflows seen when writing limit attributes | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | dfreiber, drow, jburrell, vkumar |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
[REJECTED CVE] A vulnerability was identified in the Linux kernel's nct6775-core hardware monitoring (hwmon) driver, where writing large values (e.g., 18446744073709551615) to limit attributes could cause an overflow due to improper ordering of DIV_ROUND_CLOSEST() and clamp_val(). This flaw allowed unintended behavior when setting sensor limits, potentially leading to incorrect readings or improper thermal and voltage regulation. Exploitation required local user privileges to write to the relevant sysfs attributes.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2024-12-24 12:02:17 UTC
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024122430-CVE-2024-53159-f910@gregkh/T This CVE has been rejected upstream: https://lore.kernel.org/linux-cve-announce/2025010928-REJECTED-a508@gregkh/ |