CVE-2024-43852

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 17, 2024
Updated: Aug 19, 2024
CWE ID 193

Summary

CVE-2024-43852 is a vulnerability affecting the Linux kernel's hwmon module for LTC2991 temperature sensors. The issue arises from the order of two conditions: the 'channel' parameter is used as an array index before it is validated. Specifically, the st->temp_en array, which has LTC2991_MAX_CHANNEL (4) elements, is accessed when 'channel' is set to LTC2991_T_INT_CH_NR (also 4). This results in a read beyond the end of the array. The vulnerability has been fixed by reversing the order of the conditions so that the index is validated before it is used.
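The condition order described above can be modelled in user space. This is an added example, not the kernel driver's code: the struct, the checked accessor, the function names and the sample temp_en values are assumptions made for illustration, and the accessor records an out-of-range index instead of performing the read.

```c
#include <stdbool.h>
#include <stdio.h>

#define LTC2991_MAX_CHANNEL 4   /* number of elements in temp_en[] */
#define LTC2991_T_INT_CH_NR 4   /* channel value equal to the array size */

/* Simplified stand-in for the driver state; only temp_en is named on the page. */
struct model_state {
    bool temp_en[LTC2991_MAX_CHANNEL];
    int oob_reads;              /* hypothetical counter: reads that would pass the array end */
};

/* Hypothetical checked accessor: counts an out-of-range index instead of reading it. */
static bool temp_en_at(struct model_state *st, int channel)
{
    if (channel < 0 || channel >= LTC2991_MAX_CHANNEL) {
        st->oob_reads++;
        return false;
    }
    return st->temp_en[channel];
}

/* Order described as vulnerable: the array is indexed before channel is compared. */
static bool visible_before(struct model_state *st, int channel)
{
    return temp_en_at(st, channel) || channel == LTC2991_T_INT_CH_NR;
}

/* Reversed order: || short-circuits, so channel 4 never reaches the array. */
static bool visible_after(struct model_state *st, int channel)
{
    return channel == LTC2991_T_INT_CH_NR || temp_en_at(st, channel);
}

/* Run one check over channels 0..LTC2991_T_INT_CH_NR with constructed sample data. */
static int count_oob(bool (*check)(struct model_state *, int))
{
    struct model_state st = { .temp_en = { true, false, true, false }, .oob_reads = 0 };
    for (int ch = 0; ch <= LTC2991_T_INT_CH_NR; ch++)
        check(&st, ch);
    return st.oob_reads;
}

int main(void)
{
    printf("before: %d out-of-range read(s)\n", count_oob(visible_before));
    printf("after:  %d out-of-range read(s)\n", count_oob(visible_after));
    return 0;
}
```

Both orderings return the same result for every channel; only the reversed one avoids touching the array when 'channel' equals the array size.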
