CVE-2024-26970
clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
01 May 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved:
clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays
The frequency table arrays are supposed to be terminated with an
empty element. Add such entry to the end of the arrays where it
is missing in order to avoid possible out-of-bound access when
the table is traversed by functions like qcom_find_freq() or
qcom_find_freq_floor().
Only compile tested.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products
Linux · LinuxReferences
https://git.kernel.org/stable/c/421b135aceace99789c982f6a77ce9476564fb52https://git.kernel.org/stable/c/852db52b45ea96dac2720f108e7c7331cd3738bbhttps://git.kernel.org/stable/c/ae60e3342296f766f88911d39199f77b05f657a6https://git.kernel.org/stable/c/b4527ee3de365a742215773d20f07db3e2c06f3bhttps://git.kernel.org/stable/c/cdbc6e2d8108bc47895e5a901cfcaf799b00ca8dhttps://git.kernel.org/stable/c/db4066e3ab6b3d918ae2b92734a89c04fe82cc1dhttps://git.kernel.org/stable/c/dcb13b5c9ae8743f99a96f392186527c3df89198https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html