CVE-2024-43852

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 17, 2024

Updated: Aug 19, 2024

CWE ID 193

Summary

CVE-2024-43852 is a vulnerability affecting the Linux kernel's hwmon module for LTC2991 temperature sensors. The issue arises from a condition where the array index is checked after the array size validation. Specifically, the st->temp_en array, which has LTC2991_MAX_CHANNEL (4) elements, is accessed when the 'channel' parameter is set to LTC2991_T_INT_CH_NR (also 4). This results in reading beyond the end of the array. The vulnerability has been mitigated by reversing the order of the conditions to ensure proper array index validation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Linux Kernel

Affected Vendors

LINUX

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/x1Z0vR
https://www.cve.org/CVERecord?id=CVE-2024-43852
https://nvd.nist.gov/vuln/detail/CVE-2024-43852

Back to Vulnerability Database