CVE-2024-47663

staging: iio: frequency: ad9834: Validate frequency parameter value

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

staging: iio: frequency: ad9834: Validate frequency parameter value

In ad9834_write_frequency() clk_get_rate() can return 0. In such case
ad9834_calc_freqreg() call will lead to division by zero. Checking
'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0.
ad9834_write_frequency() is called from ad9834_write(), where fout is
taken from text buffer, which can contain any value.

Modify parameters checking.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-09-30 CVE Reserved
2024-10-09 CVE Published
2024-10-24 EPSS Updated
2024-11-08 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/12b9d5bf76bfa20d3207ef24fca9c8254a586a58	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/5edc3a45ef428501000a7b23d0e1777a548907f6	2024-11-08
https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47	2024-09-12
https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53	2024-09-12
https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a	2024-09-12
https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e	2024-09-12
https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d	2024-09-12
https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227	2024-09-12
https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465	2024-07-29

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.38 < 4.19.323 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.38 < 4.19.323"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.38 < 5.4.284 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.38 < 5.4.284"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.38 < 5.10.226 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.38 < 5.10.226"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.38 < 5.15.167 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.38 < 5.15.167"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.38 < 6.1.110 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.38 < 6.1.110"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.38 < 6.6.51 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.38 < 6.6.51"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.38 < 6.10.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.38 < 6.10.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.38 < 6.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.38 < 6.11"		en		Affected