PT-2024-7905 · Linux+6 · Linux Kernel+6

Published

2024-03-02

·

Updated

2025-09-29

·

CVE-2024-26969

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the Linux kernel's clock driver, specifically the qcom component. It involves a potential out-of-bounds access when traversing frequency table arrays. The arrays are supposed to be terminated with an empty element, but in some cases, this element is missing, which could lead to out-of-bounds access when functions like qcom find freq() or qcom find freq floor() are used. There is no information provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-129

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-7511
BDU:2024-09409
CVE-2024-26969
DLA-3840-1
DLA-3842-1
DSA-5681-1
OESA-2024-1677
OESA-2024-1678
OESA-2025-1080
OESA-2025-1081
OPENSUSE-SU-2024_1644-1
OPENSUSE-SU-2024_1659-1
OPENSUSE-SU-2024_1663-1
SUSE-SU-2024:1644-1
SUSE-SU-2024:1659-1
SUSE-SU-2024:1663-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6878-1
USN-6896-1
USN-6896-2
USN-6896-3
USN-6896-4
USN-6896-5
USN-6898-1
USN-6898-2
USN-6898-3
USN-6898-4
USN-6917-1
USN-6919-1
USN-6927-1
USN-7019-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu