| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024091841-CVE-2024-46757-4fbb@gregkh> Date: Wed, 18 Sep 2024 09:16:52 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-46757: hwmon: (nct6775-core) Fix underflows seen when writing limit attributes Description =========== In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775-core) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations. The Linux kernel CVE team has assigned CVE-2024-46757 to this issue. Affected and fixed versions =========================== Fixed in 4.19.322 with commit 298a55f11edd Fixed in 5.4.284 with commit d6035c55fa9a Fixed in 5.10.226 with commit 8a1e958e2664 Fixed in 5.15.167 with commit 02bb3b4c7d56 Fixed in 6.1.110 with commit 0c23e18cef20 Fixed in 6.6.51 with commit 2f695544084a Fixed in 6.10.10 with commit 996221b03099 Fixed in 6.11 with commit 0403e10bf082 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-46757 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/hwmon/nct6775-core.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/298a55f11edd811f2189b74eb8f53dee34d4f14c https://git.kernel.org/stable/c/d6035c55fa9afefc23f85f57eff1d4a1d82c5b10 https://git.kernel.org/stable/c/8a1e958e26640ce015abdbb75c8896301b9bf398 https://git.kernel.org/stable/c/02bb3b4c7d5695ff4be01e0f55676bba49df435e https://git.kernel.org/stable/c/0c23e18cef20b989a9fd7cb0a745e1259b969159 https://git.kernel.org/stable/c/2f695544084a559f181cafdfd3f864c5ff9dd1db https://git.kernel.org/stable/c/996221b030995cc5f5baa4a642201d64b62a17cd https://git.kernel.org/stable/c/0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0
Powered by blists - more mailing lists