CVE-2024-42223

Summary

In the Linux kernel, the following vulnerability has been resolved:

media: dvb-frontends: tda10048: Fix integer overflow

state->xtal_hz can be up to 16M, so it can overflow a 32 bit integer when multiplied by pll_mfactor.

Create a new 64 bit variable to hold the calculations.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd114153816ec188b20a37583e66da33d8b2798fe < 8167e4d7dc086d4f7ca7897dcff3827e4d22c99aaffected
LinuxLinuxd114153816ec188b20a37583e66da33d8b2798fe < 5c72587d024f087aecec0221eaff2fe850d856ceaffected
LinuxLinuxd114153816ec188b20a37583e66da33d8b2798fe < e1ba22618758e95e09c9fd30c69ccce38edf94c0affected
LinuxLinuxd114153816ec188b20a37583e66da33d8b2798fe < bd5620439959a7e02012588c724c6ff5143b80afaffected
LinuxLinuxd114153816ec188b20a37583e66da33d8b2798fe < 1663e2474e4d777187d749a5c90ae83232db32bdaffected
LinuxLinuxd114153816ec188b20a37583e66da33d8b2798fe < 8ac224e9371dc3c4eb666033e6b42d05cf5184a1affected
LinuxLinuxd114153816ec188b20a37583e66da33d8b2798fe < 1121d8a5c6ed6b8fad492e43b63b386cb6a3a9d8affected
LinuxLinuxd114153816ec188b20a37583e66da33d8b2798fe < 1aa1329a67cc214c3b7bd2a14d1301a795760b07affected
LinuxLinux2.6.31affected
LinuxLinux0 < 2.6.31unaffected
LinuxLinux4.19.318 <= 4.19.*unaffected
LinuxLinux5.4.280 <= 5.4.*unaffected
LinuxLinux5.10.222 <= 5.10.*unaffected
LinuxLinux5.15.163 <= 5.15.*unaffected
LinuxLinux6.1.98 <= 6.1.*unaffected
LinuxLinux6.6.39 <= 6.6.*unaffected
LinuxLinux6.9.9 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References