CVE-2024-47698

In the Linux kernel, the following vulnerability has been resolved: drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error Ensure index in rtl2832_pid_filter does not exceed 31 to prevent out-of-bounds access. dev->filters is a 32-bit value, so set_bit and clear_bit functions should only operate on indices from 0 to 31. If index is 32, it will attempt to access a non-existent 33rd bit, leading to out-of-bounds access. Change the boundary check from index > 32 to index >= 32 to resolve this issue. [hverkuil: added fixes tag, rtl2830_pid_filter -> rtl2832_pid_filter in logmsg]

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/15bea004e939d938a6771dfcf2a26cc899ffd20a	Patch
https://git.kernel.org/stable/c/49b33c38d202d3327dcfd058e27f541dcc308b92
https://git.kernel.org/stable/c/527ab3eb3b0b4a6ee00e183c1de6a730239e2835	Patch
https://git.kernel.org/stable/c/66dbe0df6eccc7ee53a2c35016ce81e13b3ff447	Patch
https://git.kernel.org/stable/c/6ae3b9aee42616ee93c4585174f40c767828006d	Patch
https://git.kernel.org/stable/c/7065c05c6d58b9b9a98127aa14e9a5ec68173918
https://git.kernel.org/stable/c/8ae06f360cfaca2b88b98ca89144548b3186aab1	Patch
https://git.kernel.org/stable/c/a879b6cdd48134a3d58949ea4f075c75fa2d7d71	Patch
https://git.kernel.org/stable/c/bedd42e07988dbdd124b23e758ffef7a681b9c60	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2024-10-21 12:15

Updated : 2024-11-08 16:15

NVD link : CVE-2024-47698

Mitre link : CVE-2024-47698

CVE.ORG link : CVE-2024-47698

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2024-47698", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-10-21T12:15:06.423", "references": [{"url": "https://git.kernel.org/stable/c/15bea004e939d938a6771dfcf2a26cc899ffd20a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/49b33c38d202d3327dcfd058e27f541dcc308b92", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/527ab3eb3b0b4a6ee00e183c1de6a730239e2835", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/66dbe0df6eccc7ee53a2c35016ce81e13b3ff447", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6ae3b9aee42616ee93c4585174f40c767828006d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7065c05c6d58b9b9a98127aa14e9a5ec68173918", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8ae06f360cfaca2b88b98ca89144548b3186aab1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a879b6cdd48134a3d58949ea4f075c75fa2d7d71", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/bedd42e07988dbdd124b23e758ffef7a681b9c60", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error\n\nEnsure index in rtl2832_pid_filter does not exceed 31 to prevent\nout-of-bounds access.\n\ndev->filters is a 32-bit value, so set_bit and clear_bit functions should\nonly operate on indices from 0 to 31. If index is 32, it will attempt to\naccess a non-existent 33rd bit, leading to out-of-bounds access.\nChange the boundary check from index > 32 to index >= 32 to resolve this\nissue.\n\n[hverkuil: added fixes tag, rtl2830_pid_filter -> rtl2832_pid_filter in logmsg]"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drivers: media: dvb-frontends/rtl2832: corrige un error de escritura fuera de los l\u00edmites Aseg\u00farate de que el \u00edndice en rtl2832_pid_filter no supere 31 para evitar el acceso fuera de los l\u00edmites. dev->filters es un valor de 32 bits, por lo que las funciones set_bit y clear_bit solo deben funcionar en \u00edndices de 0 a 31. Si el \u00edndice es 32, intentar\u00e1 acceder a un bit 33 inexistente, lo que provocar\u00e1 un acceso fuera de los l\u00edmites. Cambia la comprobaci\u00f3n de l\u00edmites de \u00edndice > 32 a \u00edndice >= 32 para resolver este problema. [hverkuil: se agreg\u00f3 la etiqueta de correcciones, rtl2830_pid_filter -> rtl2832_pid_filter en logmsg]"}], "lastModified": "2024-11-08T16:15:25.543", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B048D614-44B2-4635-B88F-66392D68DE86", "versionEndExcluding": "5.10.227", "versionStartIncluding": "4.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C", "versionEndExcluding": "5.15.168", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE", "versionEndExcluding": "6.1.113", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976", "versionEndExcluding": "6.6.54", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE", "versionEndExcluding": "6.10.13", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181", "versionEndExcluding": "6.11.2", "versionStartIncluding": "6.11"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}