CVE-2024-53192: clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access
First published: Fri Dec 27 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access Flexible-array member `hws` in `struct clk_hw_onecell_data` is annotated with the `counted_by()` attribute. This means that when memory is allocated for this array, the _counter_, which in this case is member `num` in the flexible structure, should be set to the maximum number of elements the flexible array can contain, or fewer. In this case, the total number of elements for the flexible array is determined by variable `clks_num` when allocating heap space via `devm_kzalloc()`, as shown below: 289 struct loongson2_clk_provider *clp; ... 296 for (p = data; p->name; p++) 297 clks_num++; 298 299 clp = devm_kzalloc(dev, struct_size(clp, clk_data.hws, clks_num), 300 GFP_KERNEL); So, `clp->clk_data.num` should be set to `clks_num` or less, and not exceed `clks_num`, as is currently the case. Otherwise, if data is written into `clp->clk_data.hws[clks_num]`, the instrumentation provided by the compiler won't detect the overflow, leading to a memory corruption bug at runtime. Fix this issue by setting `clp->clk_data.num` to `clks_num`.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Kernel-devel | ||
| Linux Kernel | >=6.10<6.11.11 | |
| Linux Kernel | >=6.12<6.12.2 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.135-1 6.12.25-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/b96fc194984d0c82de1ca2b4166b35b1298b216c
- https://git.kernel.org/stable/c/1bf8877150128c3abd9d233886a05f6966fbf0c7
- https://git.kernel.org/stable/c/02fb4f0084331ef72c28d0c70fcb15d1bea369ec
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53192
- https://nvd.nist.gov/vuln/detail/CVE-2024-53192
- https://launchpad.net/bugs/cve/CVE-2024-53192
- https://security-tracker.debian.org/tracker/CVE-2024-53192
- https://ubuntu.com/security/CVE-2024-53192
- https://git.kernel.org/linus/02fb4f0084331ef72c28d0c70fcb15d1bea369ec
Frequently Asked Questions
What is the severity of CVE-2024-53192?
The severity of CVE-2024-53192 has not been explicitly rated but it involves a potential buffer overflow that could lead to security vulnerabilities.
How do I fix CVE-2024-53192?
To fix CVE-2024-53192, update your Linux kernel to the latest patched version provided by the maintainers.
What software is affected by CVE-2024-53192?
CVE-2024-53192 affects the Linux kernel, particularly versions that include the clk-loongson2 module.
Can CVE-2024-53192 lead to a denial of service?
Yes, CVE-2024-53192 can potentially lead to a denial of service due to buffer overflow issues.
Who reported CVE-2024-53192?
CVE-2024-53192 was reported as part of the ongoing vulnerability assessment and patch management process within the Linux community.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/description
- agent/last-modified-date
- agent/remedy
- agent/event
- collector/nvd-api
- source/NVD
- agent/softwarecombine
- agent/tags
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- collector/nvd-cve
- vendor/linux
- canonical/red hat kernel-devel
- canonical/linux kernel
- version/linux kernel/6.10
- version/linux kernel/6.12
- package-manager/debian