Description
In the Linux kernel, the following vulnerability has been resolved: rtc: check if __rtc_read_time was successful in rtc_timer_do_work() If the __rtc_read_time call fails,, the struct rtc_time tm; may contain uninitialized data, or an illegal date/time read from the RTC hardware. When calling rtc_tm_to_ktime later, the result may be a very large value (possibly KTIME_MAX). If there are periodic timers in rtc->timerqueue, they will continually expire, may causing kernel softlockup.
References (11)
Scores
CVSS v3
5.5
EPSS
0.0001
EPSS Percentile
2.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-908
Status
published
Products (9)
linux/Kernel
2.6.38 - 4.19.325linux
linux/Kernel
4.20.0 - 5.4.287linux
linux/Kernel
5.11.0 - 5.15.174linux
linux/Kernel
5.16.0 - 6.1.120linux
linux/Kernel
5.5.0 - 5.10.231linux
linux/Kernel
6.12.0 - 6.12.2linux
linux/Kernel
6.2.0 - 6.6.64linux
linux/Kernel
6.7.0 - 6.11.11linux
linux/linux_kernel
2.6.38 - 4.19.325
Published
Dec 29, 2024
Tracked Since
Feb 18, 2026