Out-of-bounds read in Linux kernel clk qcom driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-26965 |
| CWE-ID | CWE-125 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Out-of-bounds read
EUVDB-ID: #VU91393
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26965
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-msm8974.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/99740c4791dc8019b0d758c5389ca6d1c0604d95
http://git.kernel.org/stable/c/86bf75d9158f511db7530bc82a84b19a5134d089
http://git.kernel.org/stable/c/3ff4a0f6a8f0ad4b4ee9e908bdfc3cacb7be4060
http://git.kernel.org/stable/c/8f562f3b25177c2055b20fd8cf000496f6fa9194
http://git.kernel.org/stable/c/537040c257ab4cd0673fbae048f3940c8ea2e589
http://git.kernel.org/stable/c/7e9926fef71e514b4a8ea9d11d5a84d52b181362
http://git.kernel.org/stable/c/ae99e199037c580b7350bfa3596f447a53bcf01f
http://git.kernel.org/stable/c/ca2cf98d46748373e830a13d85d215d64a2d9bf2
http://git.kernel.org/stable/c/e2c02a85bf53ae86d79b5fccf0a75ac0b78e0c96
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
