CVE-2024-26966

clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with an
empty element. Add such entry to the end of the arrays where it
is missing in order to avoid possible out-of-bound access when
the table is traversed by functions like qcom_find_freq() or
qcom_find_freq_floor(). Only compile tested.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: qcom: mmcc-apq8084: corrección de terminación de matrices de tablas de frecuencia Se supone que las matrices de tablas de frecuencia terminan con un elemento vacío. Agregue dicha entrada al final de las matrices donde falta para evitar un posible acceso fuera de los límites cuando la tabla es atravesada por funciones como qcom_find_freq() o qcom_find_freq_floor(). Solo compilar probado.

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible out-of-bound access when the table is traversed by functions like qcom_find_freq() or qcom_find_freq_floor(). Only compile tested.

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-05-01 CVE Published
2024-12-19 CVE Updated
2025-03-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (12)

URL	Tag	Source
https://git.kernel.org/stable/c/2b46cd23a5a2cf0b8d3583338b63409f5e78e7cd	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/5533686e99b04994d7c4877dc0e4282adc9444a2	2024-04-13
https://git.kernel.org/stable/c/b2dfb216f32627c2f6a8041f2d9d56d102ab87c0	2024-04-13
https://git.kernel.org/stable/c/a09aecb6cb482de88301c43bf00a6c8726c4d34f	2024-04-13
https://git.kernel.org/stable/c/3aedcf3755c74dafc187eb76acb04e3e6348b1a9	2024-04-10
https://git.kernel.org/stable/c/185de0b7cdeaad8b89ebd4c8a258ff2f21adba99	2024-04-03
https://git.kernel.org/stable/c/9b4c4546dd61950e80ffdca1bf6925f42b665b03	2024-04-03
https://git.kernel.org/stable/c/7e5432401536117c316d7f3b21d46b64c1514f38	2024-04-03
https://git.kernel.org/stable/c/5638330150db2cc30b53eed04e481062faa3ece8	2024-04-03
https://git.kernel.org/stable/c/a903cfd38d8dee7e754fb89fd1bebed99e28003d	2024-03-02

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.17 < 4.19.312 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 4.19.312"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.17 < 5.4.274 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 5.4.274"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.17 < 5.10.215 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 5.10.215"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.17 < 5.15.154 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 5.15.154"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.17 < 6.1.84 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 6.1.84"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.17 < 6.6.24 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 6.6.24"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.17 < 6.7.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 6.7.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.17 < 6.8.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 6.8.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.17 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 6.9"		en		Affected