2348618 – (CVE-2024-57953) CVE-2024-57953 kernel: rtc: tps6594: Fix integer overflow on 32bit systems

Bug 2348618 (CVE-2024-57953) - CVE-2024-57953 kernel: rtc: tps6594: Fix integer overflow on 32bit systems

Summary: CVE-2024-57953 kernel: rtc: tps6594: Fix integer overflow on 32bit systems

Keywords:
Status:	NEW
Alias:	CVE-2024-57953
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-02-27 03:05 UTC by OSIDB Bzimport
Modified:	2025-03-06 08:35 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-02-27 03:05:19 UTC

In the Linux kernel, the following vulnerability has been resolved:

rtc: tps6594: Fix integer overflow on 32bit systems

The problem is this multiply in tps6594_rtc_set_offset()

	tmp = offset * TICKS_PER_HOUR;

The "tmp" variable is an s64 but "offset" is a long in the
(-277774)-277774 range.  On 32bit systems a long can hold numbers up to
approximately two billion.  The number of TICKS_PER_HOUR is really large,
(32768 * 3600) or roughly a hundred million.  When you start multiplying
by a hundred million it doesn't take long to overflow the two billion
mark.

Probably the safest way to fix this is to change the type of
TICKS_PER_HOUR to long long because it's such a large number.

Comment 1 Michal Findra 2025-02-27 12:54:26 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022631-CVE-2024-57953-9830@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.