CVE-2024-26971

MEDIUM5.5

clk: qcom: gcc-ipq5018: fix terminating of frequency table arrays

Published May 1, 2024

Modified 8 months ago

No fix available

Details

In the Linux kernel, the following vulnerability has been resolved:

clk: qcom: gcc-ipq5018: fix terminating of frequency table arrays

The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible out-of-bound access when the table is traversed by functions like qcom_find_freq() or qcom_find_freq_floor().

References

WEBhttps://git.kernel.org/stable/c/50c3acd460551cdf9d8ac6fe0c04f2de0e8e0872 WEBhttps://git.kernel.org/stable/c/90ad946fff70f312b8d23226afc38c13ddd88c4b WEBhttps://git.kernel.org/stable/c/b0cf3d200e8a72b6d28e6e088c062b4a98cb5eaf WEBhttps://git.kernel.org/stable/c/c8f4bef0667947b826848db1c45a645f751357c1 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2024-26971

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedMay 1, 2024

ModifiedMay 4, 2025

CVE-2024-26971 | Mondoo Vulnerability Intelligence