SB20240625128 - Out-of-bounds read in Linux kernel clk bcm driver
Published: June 25, 2024 Updated: May 13, 2025
Security Bulletin ID
SB20240625128
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2024-39462)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the clk_dvp_probe() function in drivers/clk/bcm/clk-bcm2711-dvp.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0dc913217fb79096597005bba9ba738e2db5cd02
- https://git.kernel.org/stable/c/a1dd92fca0d6b58b55ed0484f75d4205dbb77010
- https://git.kernel.org/stable/c/9368cdf90f52a68120d039887ccff74ff33b4444
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.34