CVE-2024-53081

media: ar0521: don't overflow when checking PLL values

CVSS 5.5 MEDIUMEPSS 0.2%CWE-191

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.5EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

19 Nov 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

In the Linux kernel, the following vulnerability has been resolved: media: ar0521: don't overflow when checking PLL values The PLL checks are comparing 64 bit integers with 32 bit ones, as reported by Coverity. Depending on the values of the variables, this may underflow. Fix it ensuring that both sides of the expression are u64.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Linux · Linux

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://git.kernel.org/stable/c/438d3085ba5b8b5bfa5290faa594e577f6ac9aa7 https://git.kernel.org/stable/c/5e1523076acf95b4ea68d19b6f27e6891267cc24 https://git.kernel.org/stable/c/97ed0c0332d5525653668b31acf62ff1e6b50784 https://git.kernel.org/stable/c/a244b82d0ae60326901f2b50c15e3118298b7ecd https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html