PT-2024-6748 · Linux+5 · Linux Kernel+5

Dan Carpenter

Published

2022-01-26

Updated

2025-09-29

CVE-2024-40994

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to an integer overflow in the max vclocks store() function, which is part of the Precision Time Protocol (PTP) implementation in the Linux kernel. This overflow can occur on 32-bit systems when the "4 * max" multiplication exceeds the maximum allowed value. The vulnerability can be exploited to execute arbitrary code. The allocation is prevented by using kcalloc().

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-911CWE-190

Related Identifiers

ALSA-2025_16880

ALT-PU-2024-11524

ALT-PU-2024-13979

ALT-PU-2024-14046

BDU:2024-07961

BDU:2024-08352

CVE-2024-40994

DLA-4008-1

DSA-5731-1

OESA-2024-2076

OPENSUSE-SU-2024_2947-1

SUSE-SU-2024:2894-1

SUSE-SU-2024:2902-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2947-1

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3383-1

SUSE-SU-2025:20044-1

SUSE-SU-2025:20047-1

USN-6999-1

USN-6999-2

USN-7004-1

USN-7005-1

USN-7005-2

USN-7007-1

USN-7007-2

USN-7007-3

USN-7008-1

USN-7009-1

USN-7009-2

USN-7019-1

USN-7029-1

Affected Products

Alt Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2024-6748 · Linux+5 · Linux Kernel+5

CVE-2024-40994

Weakness Enumeration

Related Identifiers

Affected Products

References · 2680