CVE-2024-26664

Summary

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (coretemp) Fix out-of-bounds memory access

Fix a bug that pdata->cpu_map[] is set before out-of-bounds check. The problem might be triggered on systems with more than 128 cores per package.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4f9dcadc55c21b39b072bb0882362c7edc4340bc < 93f0f4e846fcb682c3ec436e3b2e30e5a3a8ee6aaffected
LinuxLinuxc00cdfc9bd767ee743ad3a4054de17aeb0afcbca < 1eb74c00c9c3b13cb65e508c5d5a2f11afb96b8baffected
LinuxLinuxd9f0159da05df869071164edf0c6d7302efc5eca < f0da068c75c20ffc5ba28243ff577531dc2af1fdaffected
LinuxLinux30cf0dee372baf9b515f2d9c7218f905fddf3cdb < a16afec8e83c56b14a4a73d2e3fb8eec3a8a057eaffected
LinuxLinux7108b80a542b9d65e44b36d64a700a83658c0b73 < 9bce69419271eb8b2b3ab467387cb59c99d80debaffected
LinuxLinux7108b80a542b9d65e44b36d64a700a83658c0b73 < 853a6503c586a71abf27e60a7f8c4fb28092976daffected
LinuxLinux7108b80a542b9d65e44b36d64a700a83658c0b73 < 3a7753bda55985dc26fae17795cb10d825453ad1affected
LinuxLinux7108b80a542b9d65e44b36d64a700a83658c0b73 < 4e440abc894585a34c2904a32cd54af1742311b3affected
LinuxLinuxd1de8e1ae924d9dc31548676e4a665b52ebee27eaffected
LinuxLinux4.19.264 < 4.19.307affected
LinuxLinux5.4.221 < 5.4.269affected
LinuxLinux5.10.152 < 5.10.210affected
LinuxLinux5.15.76 < 5.15.149affected
LinuxLinux6.0.6 < 6.1affected
LinuxLinux6.1affected
LinuxLinux0 < 6.1unaffected
LinuxLinux4.19.307 <= 4.19.*unaffected
LinuxLinux5.4.269 <= 5.4.*unaffected
LinuxLinux5.10.210 <= 5.10.*unaffected
LinuxLinux5.15.149 <= 5.15.*unaffected
LinuxLinux6.1.78 <= 6.1.*unaffected
LinuxLinux6.6.17 <= 6.6.*unaffected
LinuxLinux6.7.5 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References