Описание
[REJECTED CVE] A vulnerability in the Linux kernel's hwmon subsystem (w83627ehf driver) has been identified, where writing large negative values (e.g., -9223372036854775808) to limit attributes caused an underflow due to improper ordering of operations in DIV_ROUND_CLOSEST(). An attacker with write access to these attributes could potentially trigger unexpected behavior or system instability.
Отчет
This CVE has been rejected upstream: https://lore.kernel.org/linux-cve-announce/2025010926-REJECTED-337e@gregkh/ The security impact is limited. Privileged user can set some value out of boundaries for hardware that potentially can crash this hardware.
Меры по смягчению последствий
To mitigate this issue, prevent module w83627ehf from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope | ||
| Red Hat Enterprise Linux 8 | kernel | Will not fix | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Will not fix | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2025:6966 | 13.05.2025 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2025:6966 | 13.05.2025 |
Показывать по
Дополнительная информация
Статус:
4.4 Medium
CVSS3
Связанные уязвимости
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83627ehf) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.
Уязвимость функций DIV_ROUND_CLOSEST() ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
4.4 Medium
CVSS3