CVE-2024-53062
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2024-53062 is a recently identified vulnerability affecting the Linux kernel's media driver for MGB4 devices (mgb4_cmt). The issue lies in the way frequency ranges are set via sysfs, making it susceptible to the Spectre side-channel attack. Specifically, the functions mgb4_cmt_set_vin_freq_range() contain potential Spectre vulnerabilities at lines 231 and 238 in the file drivers/media/pci/mgb4/mgb4_cmt.c. These warnings indicate the presence of a spectre issue 'cmt_vals_in' and a possible spectre second half 'reg_set'. The vulnerability has been resolved by addressing these issues.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX