CVE-2024-47663 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: staging: iio: frequency: ad9834: Validate frequency parameter value In ad9834_write_frequency() clk_get_rate() can return 0. In such case ad9834_calc_freqreg() call will lead to division by zero. Checking 'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0. ad9834_write_frequency() is called from ad9834_write(), where fout is taken from text buffer, which can contain any value. Modify parameters checking. Found by Linux Verification Center (linuxtesting.org) with SVACE.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc6::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47
https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e
https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53
https://git.kernel.org/stable/c/5edc3a45ef428501000a7b23d0e1777a548907f6
https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227
https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465
https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a
https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d
https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47663-9bdc@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-47663
https://www.cve.org/CVERecord?id=CVE-2024-47663

History

Fri, 08 Nov 2024 16:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/5edc3a45ef428501000a7b23d0e1777a548907f6

Wed, 23 Oct 2024 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-369
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.11:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc6::::::
Vendors & Products		Linux Linux linux Kernel

Sat, 12 Oct 2024 01:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47663-9bdc@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-47663 https://www.cve.org/CVERecord?id=CVE-2024-47663
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Thu, 10 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 09 Oct 2024 14:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: staging: iio: frequency: ad9834: Validate frequency parameter value In ad9834_write_frequency() clk_get_rate() can return 0. In such case ad9834_calc_freqreg() call will lead to division by zero. Checking 'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0. ad9834_write_frequency() is called from ad9834_write(), where fout is taken from text buffer, which can contain any value. Modify parameters checking. Found by Linux Verification Center (linuxtesting.org) with SVACE.
Title		staging: iio: frequency: ad9834: Validate frequency parameter value
References		https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47 https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53 https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227 https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465 https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-10-09T14:13:56.514Z

Updated: 2025-05-04T09:36:40.948Z

Reserved: 2024-09-30T16:00:12.935Z

Link: CVE-2024-47663

Vulnrichment

Updated: 2024-10-10T13:22:32.239Z

NVD

Status : Modified

Published: 2024-10-09T15:15:15.150

Modified: 2024-11-08T16:15:24.277

Link: CVE-2024-47663

Redhat

Severity : Moderate

Publid Date: 2024-10-09T00:00:00Z

Links: CVE-2024-47663 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47663", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-09-30T16:00:12.935Z", "datePublished": "2024-10-09T14:13:56.514Z", "dateUpdated": "2025-05-04T09:36:40.948Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:36:40.948Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9834: Validate frequency parameter value\n\nIn ad9834_write_frequency() clk_get_rate() can return 0. In such case\nad9834_calc_freqreg() call will lead to division by zero. Checking\n'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0.\nad9834_write_frequency() is called from ad9834_write(), where fout is\ntaken from text buffer, which can contain any value.\n\nModify parameters checking.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/staging/iio/frequency/ad9834.c"], "versions": [{"version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58", "lessThan": "5edc3a45ef428501000a7b23d0e1777a548907f6", "status": "affected", "versionType": "git"}, {"version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58", "lessThan": "0e727707a239d5c519fc9abc2f0fd913516a7e47", "status": "affected", "versionType": "git"}, {"version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58", "lessThan": "41cc91e3138fe52f8da92a81bebcd0e6cf488c53", "status": "affected", "versionType": "git"}, {"version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58", "lessThan": "d8b09a5edc4a634373158c1a405491de3c52e58a", "status": "affected", "versionType": "git"}, {"version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58", "lessThan": "3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e", "status": "affected", "versionType": "git"}, {"version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58", "lessThan": "dc12e49f970b08d8b007b8981b97e2eb93c0e89d", "status": "affected", "versionType": "git"}, {"version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58", "lessThan": "8961b245e8f92bccbaacfbbdf69eba60e3e7c227", "status": "affected", "versionType": "git"}, {"version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58", "lessThan": "b48aa991758999d4e8f9296c5bbe388f293ef465", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/staging/iio/frequency/ad9834.c"], "versions": [{"version": "2.6.38", "status": "affected"}, {"version": "0", "lessThan": "2.6.38", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.323", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.284", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.226", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.167", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.110", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.51", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.10", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.38", "versionEndExcluding": "4.19.323"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.38", "versionEndExcluding": "5.4.284"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.38", "versionEndExcluding": "5.10.226"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.38", "versionEndExcluding": "5.15.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.38", "versionEndExcluding": "6.1.110"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.38", "versionEndExcluding": "6.6.51"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.38", "versionEndExcluding": "6.10.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.38", "versionEndExcluding": "6.11"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/5edc3a45ef428501000a7b23d0e1777a548907f6"}, {"url": "https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47"}, {"url": "https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53"}, {"url": "https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a"}, {"url": "https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e"}, {"url": "https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d"}, {"url": "https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227"}, {"url": "https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465"}], "title": "staging: iio: frequency: ad9834: Validate frequency parameter value", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-10T13:22:28.473649Z", "id": "CVE-2024-47663", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T13:22:42.368Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47663", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-10T13:22:28.473649Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T13:22:32.239Z"}}], "cna": {"title": "staging: iio: frequency: ad9834: Validate frequency parameter value", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58", "lessThan": "5edc3a45ef428501000a7b23d0e1777a548907f6", "versionType": "git"}, {"status": "affected", "version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58", "lessThan": "0e727707a239d5c519fc9abc2f0fd913516a7e47", "versionType": "git"}, {"status": "affected", "version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58", "lessThan": "41cc91e3138fe52f8da92a81bebcd0e6cf488c53", "versionType": "git"}, {"status": "affected", "version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58", "lessThan": "d8b09a5edc4a634373158c1a405491de3c52e58a", "versionType": "git"}, {"status": "affected", "version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58", "lessThan": "3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e", "versionType": "git"}, {"status": "affected", "version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58", "lessThan": "dc12e49f970b08d8b007b8981b97e2eb93c0e89d", "versionType": "git"}, {"status": "affected", "version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58", "lessThan": "8961b245e8f92bccbaacfbbdf69eba60e3e7c227", "versionType": "git"}, {"status": "affected", "version": "12b9d5bf76bfa20d3207ef24fca9c8254a586a58", "lessThan": "b48aa991758999d4e8f9296c5bbe388f293ef465", "versionType": "git"}], "programFiles": ["drivers/staging/iio/frequency/ad9834.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.38"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.38", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.323", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.284", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.226", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.167", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.110", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.51", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.10", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/staging/iio/frequency/ad9834.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/5edc3a45ef428501000a7b23d0e1777a548907f6"}, {"url": "https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47"}, {"url": "https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53"}, {"url": "https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a"}, {"url": "https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e"}, {"url": "https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d"}, {"url": "https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227"}, {"url": "https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9834: Validate frequency parameter value\n\nIn ad9834_write_frequency() clk_get_rate() can return 0. In such case\nad9834_calc_freqreg() call will lead to division by zero. Checking\n'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0.\nad9834_write_frequency() is called from ad9834_write(), where fout is\ntaken from text buffer, which can contain any value.\n\nModify parameters checking.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.19.323", "versionStartIncluding": "2.6.38"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.284", "versionStartIncluding": "2.6.38"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.226", "versionStartIncluding": "2.6.38"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.167", "versionStartIncluding": "2.6.38"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.110", "versionStartIncluding": "2.6.38"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.51", "versionStartIncluding": "2.6.38"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10.10", "versionStartIncluding": "2.6.38"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.11", "versionStartIncluding": "2.6.38"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:36:40.948Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47663", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:36:40.948Z", "dateReserved": "2024-09-30T16:00:12.935Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-10-09T14:13:56.514Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2BFB68D-5C59-4390-B406-2E9CD1A5D238", "versionEndExcluding": "5.4.284", "versionStartIncluding": "2.6.38", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97", "versionEndExcluding": "5.10.226", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1", "versionEndExcluding": "5.15.167", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE", "versionEndExcluding": "6.1.110", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0", "versionEndExcluding": "6.6.51", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED", "versionEndExcluding": "6.10.10", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*", "matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*", "matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9834: Validate frequency parameter value\n\nIn ad9834_write_frequency() clk_get_rate() can return 0. In such case\nad9834_calc_freqreg() call will lead to division by zero. Checking\n'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0.\nad9834_write_frequency() is called from ad9834_write(), where fout is\ntaken from text buffer, which can contain any value.\n\nModify parameters checking.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: staging: iio: frequency: ad9834: Validar el valor del par\u00e1metro de frecuencia En ad9834_write_frequency(), clk_get_rate() puede devolver 0. En tal caso, la llamada a ad9834_calc_freqreg() dar\u00e1 lugar a una divisi\u00f3n por cero. La comprobaci\u00f3n de 'if (fout > (clk_freq / 2))' no protege en caso de que 'fout' sea 0. ad9834_write_frequency() se llama desde ad9834_write(), donde fout se toma del b\u00fafer de texto, que puede contener cualquier valor. Comprobaci\u00f3n de modificaci\u00f3n de par\u00e1metros. Encontrado por Linux Verification Center (linuxtesting.org) con SVACE."}], "id": "CVE-2024-47663", "lastModified": "2024-11-08T16:15:24.277", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-09T15:15:15.150", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5edc3a45ef428501000a7b23d0e1777a548907f6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-369"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: staging: iio: frequency: ad9834: Validate frequency parameter value", "id": "2317606", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317606"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-369", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nstaging: iio: frequency: ad9834: Validate frequency parameter value\nIn ad9834_write_frequency() clk_get_rate() can return 0. In such case\nad9834_calc_freqreg() call will lead to division by zero. Checking\n'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0.\nad9834_write_frequency() is called from ad9834_write(), where fout is\ntaken from text buffer, which can contain any value.\nModify parameters checking.\nFound by Linux Verification Center (linuxtesting.org) with SVACE."], "name": "CVE-2024-47663", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-47663\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-47663\nhttps://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47663-9bdc@gregkh/T"], "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object