5.5 CVE-2024-26966

Buffer Overflow Patch
 

In the Linux kernel, the following vulnerability has been resolved:

clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays

The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible out-of-bound access when the table is traversed by functions like qcom_find_freq() or qcom_find_freq_floor().

Only compile tested.
https://nvd.nist.gov/vuln/detail/CVE-2024-26966
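
The failure mode described above, shown as an added example that is not the kernel's code: a simplified model of a sentinel-terminated frequency table, a check for the missing empty element, and a lookup that is also bounded by the array length. The type `freq_entry`, the function names and the table values are hypothetical and constructed for illustration.

```c
#include <stddef.h>

/* Simplified stand-in for a frequency table entry (hypothetical type). */
struct freq_entry { unsigned long freq; };   /* Hz; freq == 0 ends the table */
#define TBL_LEN(t) (sizeof(t) / sizeof((t)[0]))

/* Constructed sample data: the first table lacks the empty terminator. */
static const struct freq_entry tbl_missing_end[] = {
    { 75000000 }, { 150000000 }, { 320000000 },
};
static const struct freq_entry tbl_fixed[] = {
    { 75000000 }, { 150000000 }, { 320000000 },
    { 0 },   /* empty element: stops sentinel-based walkers */
};

/* Sentinel walk: only safe when the table really ends with freq == 0. */
static const struct freq_entry *find_freq_sentinel(const struct freq_entry *f,
                                                   unsigned long rate)
{
    const struct freq_entry *last = f;
    for (; f->freq; last = f++)
        if (rate <= f->freq)
            return f;
    return last;   /* nothing fast enough: fall back to the last entry seen */
}

/* Audit helper: with the length known, confirm the last element is empty. */
static int table_is_terminated(const struct freq_entry *t, size_t n)
{
    return n > 0 && t[n - 1].freq == 0;
}

/* Defensive walk: stops at the sentinel or at n, whichever comes first. */
static const struct freq_entry *find_freq_bounded(const struct freq_entry *t,
                                                  size_t n, unsigned long rate)
{
    const struct freq_entry *last = NULL;
    for (size_t i = 0; i < n && t[i].freq; last = &t[i++])
        if (rate <= t[i].freq)
            return &t[i];
    return last;   /* NULL when the table has no entries */
}

int main(void)
{
    /* Exit status 0 when only the fixed table passes the terminator audit. */
    return table_is_terminated(tbl_missing_end, TBL_LEN(tbl_missing_end)) ||
           !table_is_terminated(tbl_fixed, TBL_LEN(tbl_fixed));
}
```

The sentinel walk is never called on `tbl_missing_end` here, because with no empty element its loop has no defined stopping point when the requested rate exceeds every entry.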

Categories

CWE-129 : Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. The most common situation leading to an out-of-bounds array index is the use of loop index variables as buffer indexes. If the end condition for the loop is subject to a flaw, the index can grow or shrink unbounded, therefore causing a buffer overflow or underflow. Another common situation leading to this condition is the use of a function's return value, or the resulting value of a calculation, directly as an index into a buffer.

This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results. Black box methods might not get the needed code coverage within limited time constraints, and a dynamic test might not produce any noticeable side effects even if it is successful.

Use an input validation framework such as Struts or the OWASP ESAPI Validation API. Note that using a framework does not automatically address all input validation problems; be mindful of weaknesses that could arise from misusing the framework itself (CWE-1173).

Be especially careful to validate all input when invoking code that crosses language boundaries, such as from an interpreted language to native code. This could create an unexpected interaction between the language boundaries. Ensure that you are not violating any of the expectations of the language with which you are interfacing. For example, even though Java may not be susceptible to buffer overflows, providing a large argument in a call to native code might trigger an overflow.

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

Observed examples:
large ID in packet used as array index
negative array index as argument to POP LIST command
Integer signedness error leads to negative array index
product does not properly track a count and a maximum number, which can lead to resultant array index overflow.
Chain: device driver for packet-capturing software allows access to an unintended IOCTL with resultant array index error.
Chain: array index error (CWE-129) leads to deadlock (CWE-833)

References

https://git.kernel.org/stable/c/185de0b7cdeaad8b89ebd4c8a258ff2f21adba99 (Patch)
https://git.kernel.org/stable/c/3aedcf3755c74dafc187eb76acb04e3e6348b1a9 (Patch)
https://git.kernel.org/stable/c/5533686e99b04994d7c4877dc0e4282adc9444a2 (Patch)
https://git.kernel.org/stable/c/5638330150db2cc30b53eed04e481062faa3ece8 (Patch)
https://git.kernel.org/stable/c/7e5432401536117c316d7f3b21d46b64c1514f38 (Patch)
https://git.kernel.org/stable/c/9b4c4546dd61950e80ffdca1bf6925f42b665b03 (Patch)
https://git.kernel.org/stable/c/a09aecb6cb482de88301c43bf00a6c8726c4d34f (Patch)
https://git.kernel.org/stable/c/a903cfd38d8dee7e754fb89fd1bebed99e28003d (Patch)
https://git.kernel.org/stable/c/b2dfb216f32627c2f6a8041f2d9d56d102ab87c0 (Patch)
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html (Mailing List, Third Party Advisory)
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html (Mailing List, Third Party Advisory)


 

CPE

cpe start end
Configuration 1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 3.17 < 4.19.312
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 4.20 < 5.4.274
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 5.5 < 5.10.215
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 5.11 < 5.15.154
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 5.16 < 6.1.84
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 6.2 < 6.6.24
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 6.7 < 6.7.12
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* >= 6.8 < 6.8.3
Configuration 2
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*


REMEDIATION


Patch

Url
https://git.kernel.org/stable/c/185de0b7cdeaad8b89ebd4c8a258ff2f21adba99
https://git.kernel.org/stable/c/3aedcf3755c74dafc187eb76acb04e3e6348b1a9
https://git.kernel.org/stable/c/5533686e99b04994d7c4877dc0e4282adc9444a2
https://git.kernel.org/stable/c/5638330150db2cc30b53eed04e481062faa3ece8
https://git.kernel.org/stable/c/7e5432401536117c316d7f3b21d46b64c1514f38
https://git.kernel.org/stable/c/9b4c4546dd61950e80ffdca1bf6925f42b665b03
https://git.kernel.org/stable/c/a09aecb6cb482de88301c43bf00a6c8726c4d34f
https://git.kernel.org/stable/c/a903cfd38d8dee7e754fb89fd1bebed99e28003d
https://git.kernel.org/stable/c/b2dfb216f32627c2f6a8041f2d9d56d102ab87c0


EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
100 Overflow Buffers Very High