CVE-2024-53192

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A potential buffer overflow issue has been identified in the Linux kernel, specifically in the clk-loongson2 component. The issue arises from the flexible-array member hws in struct clk hw onecell data, which is annotated with the counted by() attribute. When memory is allocated for this array, the counter, num, should be set to the maximum number of elements the flexible array can contain, or fewer. However, in this case, clp->clk data.num is not set correctly, potentially leading to a memory corruption bug at runtime if data is written into clp->clk data.hws[clks num]. The issue is resolved by setting clp->clk data.num to clks num.

Recommendations To resolve this issue, set clp->clk data.num to clks num to prevent potential buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.