CVE-2024-26968: clk: qcom: gcc-ipq9574: fix terminating of frequency table arrays
First published: Wed May 01 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gcc-ipq9574: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible out-of-bound access when the table is traversed by functions like qcom_find_freq() or qcom_find_freq_floor(). Only compile tested.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=6.4<6.6.24 | |
| Linux Kernel | >=6.7<6.7.12 | |
| Linux Kernel | >=6.8<6.8.3 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.10-1 6.12.11-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/0204247cf3669b6021fb745c3b7f37ae392ab19c
- https://git.kernel.org/stable/c/1723629fea8a4e75333196866e10d395463dca72
- https://git.kernel.org/stable/c/604f2d7c46727c5e24fc7faddc980bc1cc0b1011
- https://git.kernel.org/stable/c/bd2b6395671d823caa38d8e4d752de2448ae61e1
- https://launchpad.net/bugs/cve/CVE-2024-26968
- https://git.kernel.org/linus/bd2b6395671d823caa38d8e4d752de2448ae61e1
- https://security-tracker.debian.org/tracker/CVE-2024-26968
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26968
- https://nvd.nist.gov/vuln/detail/CVE-2024-26968
- https://ubuntu.com/security/CVE-2024-26968
Frequently Asked Questions
What is the severity of CVE-2024-26968?
CVE-2024-26968 is classified with a severity that could lead to improper handling of frequency table arrays in the Linux kernel.
How do I fix CVE-2024-26968?
To fix CVE-2024-26968, ensure that the frequency table arrays are properly terminated with an empty element in your Linux kernel version.
Which Linux kernel versions are affected by CVE-2024-26968?
CVE-2024-26968 affects Linux kernel versions from 6.4 up to 6.6.24, 6.7, and 6.8 up to 6.8.3.
What specific Linux distributions are impacted by CVE-2024-26968?
Debian versions including linux 5.10.223-1, 5.10.226-1, 6.1.119-1, 6.1.123-1, and 6.12.10-1, 6.12.11-1 are impacted by CVE-2024-26968.
Are there any available patches for CVE-2024-26968?
Yes, patches are available for CVE-2024-26968 in the official Linux kernel repositories and through Debian updates.
- agent/title
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/weakness
- agent/last-modified-date
- agent/remedy
- agent/severity
- collector/usn-cve
- source/Ubuntu
- agent/event
- agent/description
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.4
- version/linux kernel/6.7
- version/linux kernel/6.8
- package-manager/debian