What is the severity of CVE-2024-43852?

CVE-2024-43852 is classified as a low-severity vulnerability in the Linux kernel.

How do I fix CVE-2024-43852?

To resolve CVE-2024-43852, update your Linux kernel to version 5.10.223-1, 5.10.226-1, 6.1.119-1, 6.1.123-1, or 6.12.11-1.

Which Linux kernel versions are affected by CVE-2024-43852?

CVE-2024-43852 affects Linux kernel versions between 6.7 and 6.10.3.

What specific component of the Linux kernel is impacted by CVE-2024-43852?

CVE-2024-43852 affects the hwmon subsystem, specifically related to the LTC2991 temperature sensor.

Is there a workaround for CVE-2024-43852 before applying a patch?

There are no known workarounds for CVE-2024-43852, and applying the patch is the recommended action.

Vulnerability/
CVE-2024-43852

high

7.8

CWE

193

17/8/2024

19/12/2024

CVE-2024-43852: hwmon: (ltc2991) re-order conditions to fix off by one bug

First published: Sat Aug 17 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: hwmon: (ltc2991) re-order conditions to fix off by one bug LTC2991_T_INT_CH_NR is 4. The st->temp_en[] array has LTC2991_MAX_CHANNEL (4) elements. Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we have read one element beyond the end of the array. Flip the conditions around so that we check if "channel" is valid before using it as an array index.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel	>=6.7<6.10.3
debian/linux		5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.11-1

Remedy

https://git.kernel.org/stable/c/99bf7c2eccff82760fa23ce967cc67c8c219c6a6

Remedy

https://git.kernel.org/stable/c/c180311c0a520692e2d0e9ca44dcd6c2ff1b41c4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-43852?
CVE-2024-43852 is classified as a low-severity vulnerability in the Linux kernel.
How do I fix CVE-2024-43852?
To resolve CVE-2024-43852, update your Linux kernel to version 5.10.223-1, 5.10.226-1, 6.1.119-1, 6.1.123-1, or 6.12.11-1.
Which Linux kernel versions are affected by CVE-2024-43852?
CVE-2024-43852 affects Linux kernel versions between 6.7 and 6.10.3.
What specific component of the Linux kernel is impacted by CVE-2024-43852?
CVE-2024-43852 affects the hwmon subsystem, specifically related to the LTC2991 temperature sensor.
Is there a workaround for CVE-2024-43852 before applying a patch?
There are no known workarounds for CVE-2024-43852, and applying the patch is the recommended action.

agent/title
agent/type
agent/first-publish-date
agent/remedy
agent/severity
agent/weakness
agent/references
agent/author
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
collector/usn-cve
source/Ubuntu
agent/description
agent/event
agent/source
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-cve
agent/softwarecombine
agent/tags
collector/security-tracker-debian
source/Debian
vendor/linux
canonical/linux kernel
version/linux kernel/6.7
package-manager/debian

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.