CVE-2024-40994

HIGH

Linux Kernel 5.14-5.15.161, 5.16-6.1.95, 6.2-6.6.35, 6.7-6.9.6 - Integer Overflow in PTP max_vclocks_store

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ptp: fix integer overflow in max_vclocks_store On 32bit systems, the "4 * max" multiply can overflow. Use kcalloc() to do the allocation to prevent this.

References (6)

Core 6

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Patch

https://git.kernel.org/stable/c/4b03da87d0b7074c93d9662c6e1a8939f9b8b86e

Patch

https://git.kernel.org/stable/c/d50d62d5e6ee6aa03c00bddb91745d0b632d3b0f

Patch

https://git.kernel.org/stable/c/666e934d749e50a37f3796caaf843a605f115b6f

Patch

https://git.kernel.org/stable/c/e1fccfb4638ee6188377867f6015d0ce35764a8e

Patch

https://git.kernel.org/stable/c/81d23d2a24012e448f651e007fac2cfd20a45ce0

Scores

CVSS v3 7.8

EPSS 0.0028

EPSS Percentile 19.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-190

Status published

Products (18)

linux/Kernel 5.14.0 - 5.15.162linux

linux/Kernel 5.16.0 - 6.1.96linux

linux/Kernel 6.2.0 - 6.6.36linux

linux/Kernel 6.7.0 - 6.9.7linux

Linux/Linux < 5.14

Linux/Linux 44c494c8e30e35713c7d11ca3c5ab332cbfabacf - 4b03da87d0b7074c93d9662c6e1a8939f9b8b86e

Linux/Linux 44c494c8e30e35713c7d11ca3c5ab332cbfabacf - 666e934d749e50a37f3796caaf843a605f115b6f

Linux/Linux 44c494c8e30e35713c7d11ca3c5ab332cbfabacf - 81d23d2a24012e448f651e007fac2cfd20a45ce0

Linux/Linux 44c494c8e30e35713c7d11ca3c5ab332cbfabacf - d50d62d5e6ee6aa03c00bddb91745d0b632d3b0f

Linux/Linux 44c494c8e30e35713c7d11ca3c5ab332cbfabacf - e1fccfb4638ee6188377867f6015d0ce35764a8e

... and 8 more

Published Jul 12, 2024

Tracked Since Feb 18, 2026