PT-2024-6905 · Linux+5 · Linux Kernel+5

Published

2024-07-07

·

Updated

2025-02-10

·

CVE-2024-46757

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to an underflow seen when writing limit attributes in the hwmon driver, specifically in the nct6775-core module. This underflow occurs when a large negative number, such as -9223372036854775808, is provided by the user after the kstrtol() function and before the DIV ROUND CLOSEST() operation. The fix involves reordering the clamp val() and DIV ROUND CLOSEST() operations to prevent this underflow. The vulnerability is associated with an integer overflow in the store temp offset() function, which could allow an attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Underflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-191

Related Identifiers

ALT-PU-2024-12535
ALT-PU-2024-12537
ALT-PU-2024-12541
ALT-PU-2024-13121
ALT-PU-2024-13166
ALT-PU-2024-13260
ALT-PU-2024-13979
ALT-PU-2024-14046
ALT-PU-2024-15824
BDU:2024-08128
CVE-2024-46757
DLA-3912-1
DLA-4008-1
DSA-5782-1
MGASA-2024-0316
MGASA-2024-0318
OESA-2024-2294
OESA-2024-2321
OESA-2024-2322
OESA-2024-2324
OESA-2024-2325
OPENSUSE-SU-2024_3551-1
OPENSUSE-SU-2024_3561-1
OPENSUSE-SU-2024_3564-1
SUSE-SU-2024:3551-1
SUSE-SU-2024:3553-1
SUSE-SU-2024:3561-1
SUSE-SU-2024:3564-1
SUSE-SU-2025:20073-1
SUSE-SU-2025:20077-1
USN-7088-1
USN-7088-2
USN-7088-3
USN-7088-4
USN-7088-5
USN-7100-1
USN-7100-2
USN-7119-1
USN-7121-1
USN-7121-2
USN-7121-3
USN-7123-1
USN-7144-1
USN-7148-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7194-1
USN-7196-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu