CVE-2024-46759

In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/019ef2d396363ecddc46e826153a842f8603799b	Patch
https://git.kernel.org/stable/c/05419d0056dcf7088687e561bb583cc06deba777	Patch
https://git.kernel.org/stable/c/2a3add62f183459a057336381ef3a896da01ce38	Patch
https://git.kernel.org/stable/c/6891b11a0c6227ca7ed15786928a07b1c0e4d4af	Patch
https://git.kernel.org/stable/c/7645d783df23878342d5d8d22030c3861d2d5426	Patch
https://git.kernel.org/stable/c/8cad724c8537fe3e0da8004646abc00290adae40	Patch
https://git.kernel.org/stable/c/b0bdb43852bf7f55ba02f0cbf00b4ea7ca897bff	Patch
https://git.kernel.org/stable/c/f7f5101af5b47a331cdbfa42ba64c507b47dd1fe	Patch
https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

03 Nov 2025, 23:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html - () https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html -

Information

Published : 2024-09-18 08:15

Updated : 2025-11-03 23:15

NVD link : CVE-2024-46759

Mitre link : CVE-2024-46759

CVE.ORG link : CVE-2024-46759

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-191

Integer Underflow (Wrap or Wraparound)

{"id": "CVE-2024-46759", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-09-18T08:15:04.413", "references": [{"url": "https://git.kernel.org/stable/c/019ef2d396363ecddc46e826153a842f8603799b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/05419d0056dcf7088687e561bb583cc06deba777", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2a3add62f183459a057336381ef3a896da01ce38", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6891b11a0c6227ca7ed15786928a07b1c0e4d4af", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7645d783df23878342d5d8d22030c3861d2d5426", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8cad724c8537fe3e0da8004646abc00290adae40", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b0bdb43852bf7f55ba02f0cbf00b4ea7ca897bff", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f7f5101af5b47a331cdbfa42ba64c507b47dd1fe", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-191"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (adc128d818) Fix underflows seen when writing limit attributes\n\nDIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large\nnegative number such as -9223372036854775808 is provided by the user.\nFix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hwmon: (adc128d818) Se corrigen los desbordamientos de l\u00ednea observados al escribir los atributos de l\u00edmite DIV_ROUND_CLOSEST() despu\u00e9s de que kstrtol() genere un desbordamiento de l\u00ednea si el usuario proporciona un n\u00famero negativo grande, como -9223372036854775808. Se soluciona reordenando las operaciones clamp_val() y DIV_ROUND_CLOSEST()."}], "lastModified": "2025-11-03T23:15:59.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29162FB8-5FA4-4DC4-86CE-5EB0CAEEF2F3", "versionEndExcluding": "4.19.322"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6265A402-9C3C-438F-BFC5-4194B2568B85", "versionEndExcluding": "5.4.284", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97", "versionEndExcluding": "5.10.226", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1", "versionEndExcluding": "5.15.167", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE", "versionEndExcluding": "6.1.110", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0", "versionEndExcluding": "6.6.51", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED", "versionEndExcluding": "6.10.10", "versionStartIncluding": "6.7"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}