CVE-2024-26664

hwmon: (coretemp) Fix out-of-bounds memory access

Severity Score

6.0

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (coretemp) Fix out-of-bounds memory access

Fix a bug that pdata->cpu_map[] is set before out-of-bounds check.
The problem might be triggered on systems with more than 128 cores per
package.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: hwmon: (coretemp) Arreglar el acceso a memoria fuera de los límites Arreglar un error que pdata->cpu_map[] está configurado antes de la verificación de los límites. El problema podría surgir en sistemas con más de 128 núcleos por paquete.

*Credits: N/A

CVSS Scores

Red Hatv3.1 6.0

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-04-02 CVE Published
2024-04-02 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (18)

URL	Tag	Source
https://git.kernel.org/stable/c/4f9dcadc55c21b39b072bb0882362c7edc4340bc	Vuln. Introduced
https://git.kernel.org/stable/c/c00cdfc9bd767ee743ad3a4054de17aeb0afcbca	Vuln. Introduced
https://git.kernel.org/stable/c/d9f0159da05df869071164edf0c6d7302efc5eca	Vuln. Introduced
https://git.kernel.org/stable/c/30cf0dee372baf9b515f2d9c7218f905fddf3cdb	Vuln. Introduced
https://git.kernel.org/stable/c/7108b80a542b9d65e44b36d64a700a83658c0b73	Vuln. Introduced
https://git.kernel.org/stable/c/d1de8e1ae924d9dc31548676e4a665b52ebee27e	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/93f0f4e846fcb682c3ec436e3b2e30e5a3a8ee6a	2024-02-23
https://git.kernel.org/stable/c/1eb74c00c9c3b13cb65e508c5d5a2f11afb96b8b	2024-02-23
https://git.kernel.org/stable/c/f0da068c75c20ffc5ba28243ff577531dc2af1fd	2024-02-23
https://git.kernel.org/stable/c/a16afec8e83c56b14a4a73d2e3fb8eec3a8a057e	2024-02-23
https://git.kernel.org/stable/c/9bce69419271eb8b2b3ab467387cb59c99d80deb	2024-02-16
https://git.kernel.org/stable/c/853a6503c586a71abf27e60a7f8c4fb28092976d	2024-02-16
https://git.kernel.org/stable/c/3a7753bda55985dc26fae17795cb10d825453ad1	2024-02-16
https://git.kernel.org/stable/c/4e440abc894585a34c2904a32cd54af1742311b3	2024-02-04

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-26664	2024-06-05
https://bugzilla.redhat.com/show_bug.cgi?id=2272791	2024-06-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.264 < 4.19.307 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.264 < 4.19.307"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.221 < 5.4.269 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.221 < 5.4.269"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.152 < 5.10.210 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.152 < 5.10.210"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.76 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.76 < 5.15.149"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.1.78 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.1.78"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.6.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.6.17"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.7.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.7.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.0.6 Search vendor "Linux" for product "Linux Kernel" and version "6.0.6"		en		Affected