CVE-2024-53062

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 19, 2024
Updated: Nov 22, 2024

Summary

CVE-2024-53062 is a recently identified vulnerability affecting the Linux kernel's media driver for MGB4 devices (mgb4_cmt). The issue lies in the way frequency ranges are set via sysfs, making it susceptible to the Spectre side-channel attack. Specifically, the functions mgb4_cmt_set_vin_freq_range() contain potential Spectre vulnerabilities at lines 231 and 238 in the file drivers/media/pci/mgb4/mgb4_cmt.c. These warnings indicate the presence of a spectre issue 'cmt_vals_in' and a possible spectre second half 'reg_set'. The vulnerability has been resolved by addressing these issues.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share