Vulnerability Details CVE-2024-42100
In the Linux kernel, the following vulnerability has been resolved:
clk: sunxi-ng: common: Don't call hw_to_ccu_common on hw without common
In order to set the rate range of a hw sunxi_ccu_probe calls
hw_to_ccu_common() assuming all entries in desc->ccu_clks are contained
in a ccu_common struct. This assumption is incorrect and, in
consequence, causes invalid pointer de-references.
Remove the faulty call. Instead, add one more loop that iterates over
the ccu_clks and sets the rate range, if required.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.8%
CVSS Severity
CVSS v3 Score 5.5
References
- https://git.kernel.org/stable/c/14c78d69dbca6a28af14095f639ec4318ec07fdc
- https://git.kernel.org/stable/c/7a0e2738cb6da5a55c9908dff333600aeb263e07
- https://git.kernel.org/stable/c/ea977d742507e534d9fe4f4d74256f6b7f589338
- https://git.kernel.org/stable/c/14c78d69dbca6a28af14095f639ec4318ec07fdc
- https://git.kernel.org/stable/c/7a0e2738cb6da5a55c9908dff333600aeb263e07
- https://git.kernel.org/stable/c/ea977d742507e534d9fe4f4d74256f6b7f589338
Products affected by CVE-2024-42100
-
cpe:2.3:o:linux:linux_kernel:6.10
-
cpe:2.3:o:linux:linux_kernel:6.6.31
-
cpe:2.3:o:linux:linux_kernel:6.6.32
-
cpe:2.3:o:linux:linux_kernel:6.6.33
-
cpe:2.3:o:linux:linux_kernel:6.6.34
-
cpe:2.3:o:linux:linux_kernel:6.6.35
-
cpe:2.3:o:linux:linux_kernel:6.6.36
-
cpe:2.3:o:linux:linux_kernel:6.6.37
-
cpe:2.3:o:linux:linux_kernel:6.6.38
-
cpe:2.3:o:linux:linux_kernel:6.8.10
-
cpe:2.3:o:linux:linux_kernel:6.8.11
-
cpe:2.3:o:linux:linux_kernel:6.8.12
-
cpe:2.3:o:linux:linux_kernel:6.9
-
cpe:2.3:o:linux:linux_kernel:6.9.1
-
cpe:2.3:o:linux:linux_kernel:6.9.2
-
cpe:2.3:o:linux:linux_kernel:6.9.3
-
cpe:2.3:o:linux:linux_kernel:6.9.4
-
cpe:2.3:o:linux:linux_kernel:6.9.5
-
cpe:2.3:o:linux:linux_kernel:6.9.6
-
cpe:2.3:o:linux:linux_kernel:6.9.7
-
cpe:2.3:o:linux:linux_kernel:6.9.8