CVE-2024-38631

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the pac1934 read raw() function in the drivers/iio/adc/pac1934.c module of the Linux kernel, which is associated with accessing memory beyond the allocated buffer. This can potentially allow an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is caused by accessing an out of bounds array index for average current and voltage measurements. The device itself has only 4 channels, but in sysfs, there are "fake" channels for the average voltages and currents too.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.