CVE-2024-42100

Summary

In the Linux kernel, the following vulnerability has been resolved:

clk: sunxi-ng: common: Don't call hw_to_ccu_common on hw without common

In order to set the rate range of a hw sunxi_ccu_probe calls hw_to_ccu_common() assuming all entries in desc->ccu_clks are contained in a ccu_common struct. This assumption is incorrect and, in consequence, causes invalid pointer de-references.

Remove the faulty call. Instead, add one more loop that iterates over the ccu_clks and sets the rate range, if required.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux547263745e15a038ec3954b5c283805529377626 < 14c78d69dbca6a28af14095f639ec4318ec07fdcaffected
LinuxLinuxb914ec33b391ec766545a41f0cfc0de3e0b388d7 < 7a0e2738cb6da5a55c9908dff333600aeb263e07affected
LinuxLinuxb914ec33b391ec766545a41f0cfc0de3e0b388d7 < ea977d742507e534d9fe4f4d74256f6b7f589338affected
LinuxLinux761cbd9c0e4ed082b548bf6a0de25eebad24309daffected
LinuxLinux6.6.31 < 6.6.39affected
LinuxLinux6.8.10 < 6.9affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.6.39 <= 6.6.*unaffected
LinuxLinux6.9.9 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References