CVE-2024-42086

HIGH

Linux Kernel Out-of-bounds Write in BME680 Sensor Compensate Functions

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: iio: chemical: bme680: Fix overflows in compensate() functions There are cases in the compensate functions of the driver that there could be overflows of variables due to bit shifting ops. These implications were initially discussed here [1] and they were mentioned in log message of Commit 1b3bd8592780 ("iio: chemical: Add support for Bosch BME680 sensor"). [1]: https://lore.kernel.org/linux-iio/20180728114028.3c1bbe81@archlinux/

References (9)

Core 9

Scores

CVSS v3 7.8
EPSS 0.0024
EPSS Percentile 14.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (27)
linux/Kernel 4.19.0 - 4.19.317linux
linux/Kernel 4.20.0 - 5.4.279linux
linux/Kernel 5.11.0 - 5.15.162linux
linux/Kernel 5.16.0 - 6.1.97linux
linux/Kernel 5.5.0 - 5.10.221linux
linux/Kernel 6.2.0 - 6.6.37linux
linux/Kernel 6.7.0 - 6.9.8linux
Linux/Linux < 4.19
Linux/Linux 1b3bd8592780c87c5eddabbe98666b086bbaee36 - 3add41bbda92938e9a528d74659dfc552796be4e
Linux/Linux 1b3bd8592780c87c5eddabbe98666b086bbaee36 - 6fa31bbe2ea8665ee970258eb8320cbf231dbe9e
... and 17 more
Published Jul 29, 2024
Tracked Since Feb 18, 2026