Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-53159

Опубликовано: 24 дек. 2024
Источник: redhat
CVSS3: 5.5

Описание

[REJECTED CVE] A vulnerability was identified in the Linux kernel's nct6775-core hardware monitoring (hwmon) driver, where writing large values (e.g., 18446744073709551615) to limit attributes could cause an overflow due to improper ordering of DIV_ROUND_CLOSEST() and clamp_val(). This flaw allowed unintended behavior when setting sensor limits, potentially leading to incorrect readings or improper thermal and voltage regulation. Exploitation required local user privileges to write to the relevant sysfs attributes.

Отчет

This CVE has been rejected upstream: https://lore.kernel.org/linux-cve-announce/2025010928-REJECTED-a508@gregkh/ Red Hat has also evaluated this issue and determined that it does not meet the criteria to be classified as a security vulnerability. This assessment is based on the issue not posing a significant security risk, being a result of misconfiguration or usage error, or falling outside the scope of security considerations. As such, this CVE has been marked as "Rejected" in alignment with Red Hat's vulnerability management policies. If you have additional information or concerns regarding this determination, please contact Red Hat Product Security for further clarification.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernelNot affected
Red Hat Enterprise Linux 9kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2333984kernel: hwmon: (nct6775-core) Fix overflows seen when writing limit attributes

5.5 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2024-53159

nvd
6 месяцев назад

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

github логотип

GHSA-vjx6-h67c-v5gj

github
6 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775-core) Fix overflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtoul() results in an overflow if a large number such as 18446744073709551615 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.

fstec логотип

BDU:2025-00038

CVSS3: 5.5
fstec
7 месяцев назад

Уязвимость функции DIV_ROUND_CLOSEST() драйвера микросхемы Nuvoton NCT6775F (drivers/hwmon/nct6775-core.c) ядра операционной системы Linux, позволяющая нарушителю оказать влияние на доступность защищаемой информации

redos логотип

ROS-20250320-01

CVSS3: 7.8
redos
3 месяца назад

Множественные уязвимости kernel-lt

suse-cvrf логотип

SUSE-SU-2025:0153-1

suse-cvrf
5 месяцев назад

Security update for the Linux Kernel

5.5 Medium

CVSS3