#VU97551 Integer underflow in Linux kernel - CVE-2024-46756
Vulnerability identifier: #VU97551
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-191
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the store_target_temp() and store_tolerance() functions in drivers/hwmon/w83627ehf.c. A local user can execute arbitrary code.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/93cf73a7bfdce683bde3a7bb65f270d3bd24497b
https://git.kernel.org/stable/c/77ab0fd231c4ca873ec6908e761970360acc6df2
https://git.kernel.org/stable/c/56cfdeb2c77291f0b5e4592731adfb6ca8fc7c24
https://git.kernel.org/stable/c/cc4be794c8d8c253770103e097ab9dbdb5f99ae1
https://git.kernel.org/stable/c/d92f0baf99a7e327dcceab37cce57c38aab1f691
https://git.kernel.org/stable/c/8fecb75bff1b7d87a071c32a37aa0700f2be379d
https://git.kernel.org/stable/c/26825b62bd1bd3e53b4f44e0745cb516d5186343
https://git.kernel.org/stable/c/5c1de37969b7bc0abcb20b86e91e70caebbd4f89
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
