CVE-2024-42100

MEDIUM

Linux Kernel 6.6.31-6.6.38 - NULL Pointer Dereference in Clock Framework


Description

In the Linux kernel, the following vulnerability has been resolved:

clk: sunxi-ng: common: Don't call hw_to_ccu_common on hw without common

In order to set the rate range of a hw sunxi_ccu_probe calls hw_to_ccu_common() assuming all entries in desc->ccu_clks are contained in a ccu_common struct. This assumption is incorrect and, in consequence, causes invalid pointer de-references.

Remove the faulty call. Instead, add one more loop that iterates over the ccu_clks and sets the rate range, if required.
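The pattern the description names, as an added illustration that is not code from the kernel or from this record: a simplified userspace C model in which one registered hw is not embedded in a `ccu_common`. The struct layouts, the sample clocks, the `hw_clks` array, the NULL slot in `ccu_clks` and treating a non-zero `max_rate` as "range required" are assumptions of the example.

```c
#include <stddef.h>
#include <stdio.h>
/* Userspace model with constructed layouts; not the kernel's definitions. */
struct clk_hw { unsigned long min_rate, max_rate; };
struct ccu_common { unsigned long min_rate, max_rate; struct clk_hw hw; };

/* Constructed sample: two clocks wrapped in ccu_common, plus one bare
 * clk_hw that is registered but has no ccu_common around it. */
static struct ccu_common pll = { .min_rate = 100, .max_rate = 1000 };
static struct ccu_common bus;                     /* no rate limits */
static struct clk_hw bare_hw;
static struct clk_hw *hw_clks[] = { &pll.hw, &bare_hw, &bus.hw };
static struct ccu_common *ccu_clks[] = { &pll, NULL, &bus };
#define N(a) (sizeof(a) / sizeof((a)[0]))

/* Pre-fix pattern treated every hw as embedded in a ccu_common. Count the
 * hw entries for which that container pointer would not be a real object. */
int count_invalid_casts(void)
{
    int bad = 0;
    for (size_t i = 0; i < N(hw_clks); i++) {
        int embedded = 0;
        for (size_t j = 0; j < N(ccu_clks); j++)
            if (ccu_clks[j] && &ccu_clks[j]->hw == hw_clks[i])
                embedded = 1;
        bad += !embedded;
    }
    return bad;
}

/* Post-fix pattern: walk ccu_clks, whose non-NULL entries really are
 * ccu_common, and apply a range only where one is configured. */
int set_rate_ranges(void)
{
    int applied = 0;
    for (size_t i = 0; i < N(ccu_clks); i++) {
        struct ccu_common *c = ccu_clks[i];
        if (!c || !c->max_rate)
            continue;
        c->hw.min_rate = c->min_rate;
        c->hw.max_rate = c->max_rate;
        applied++;
    }
    return applied;
}

int main(void)
{
    printf("invalid: %d, applied: %d\n", count_invalid_casts(), set_rate_ranges());
    return 0;
}
```

The same audit applies to any `container_of()`-style helper: confirm that every pointer reaching it comes from a list whose entries are guaranteed to be embedded in the container type.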

Scores

CVSS v3 5.5
EPSS 0.0024
EPSS Percentile 14.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-476
Status published
Products (14)
Linux/Linux < 6.9
Linux/Linux 547263745e15a038ec3954b5c283805529377626 - 14c78d69dbca6a28af14095f639ec4318ec07fdc
Linux/Linux 6.10
Linux/Linux 6.6.31 - 6.6.39
Linux/Linux 6.6.39 - 6.6.*
Linux/Linux 6.8.10 - 6.9
Linux/Linux 6.9
Linux/Linux 6.9.9 - 6.9.*
Linux/Linux 761cbd9c0e4ed082b548bf6a0de25eebad24309d
Linux/Linux b914ec33b391ec766545a41f0cfc0de3e0b388d7 - 7a0e2738cb6da5a55c9908dff333600aeb263e07
... and 4 more
Published Jul 30, 2024
Tracked Since Feb 18, 2026