CVE-2024-43852

HIGH

Linux kernel - Off-by-One Bug

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: hwmon: (ltc2991) re-order conditions to fix off by one bug LTC2991_T_INT_CH_NR is 4. The st->temp_en[] array has LTC2991_MAX_CHANNEL (4) elements. Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we have read one element beyond the end of the array. Flip the conditions around so that we check if "channel" is valid before using it as an array index.

References (2)

[Patch] https://git.kernel.org/stable/c/99bf7c2eccff82760fa23ce967cc67c8c219c6a6

[Patch] https://git.kernel.org/stable/c/c180311c0a520692e2d0e9ca44dcd6c2ff1b41c4

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 9.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-193

Status published

Products (2)

linux/Kernel 6.7.0 - 6.10.3linux

linux/linux_kernel 6.7 - 6.10.3

Published Aug 17, 2024

Tracked Since Feb 18, 2026