CVE-2024-43852
HighIn the Linux kernel, the following vulnerability has been resolved: hwmon: (ltc2991) re-order conditions to fix off by one bug LTC2991_T_INT_CH_NR is 4. The st->temp_en[] array has LTC2991_MAX_CHANNEL (4) elements. Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we have read one element beyond the end of the array. Flip the conditions around so that we check if "channel" is valid before using it as an array index.
CVSS 3.1 score
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness type
CWE-193CVE-2024-43852 is classified as CWE-193
See CWE-193 on MITRE CWE for full details on this weakness type.
References
The following references provide additional information about CVE-2024-43852 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
-
PatchKernel patch commithttps://git.kernel.org/stable/c/99bf7c2eccff82760fa23ce967cc67c8c219c6a6
-
PatchKernel patch commithttps://git.kernel.org/stable/c/c180311c0a520692e2d0e9ca44dcd6c2ff1b41c4
Frequently asked questions
-
What is CVE-2024-43852?
CVE-2024-43852 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10 . CVE-2024-43852 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
What is the CVSS score for CVE-2024-43852?
CVE-2024-43852 has a CVSS score of 7.8 out of 10, rated High severity (CVSS 3.1). The vector string is
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. -
Is there a patch available for CVE-2024-43852?
No patch is currently available for CVE-2024-43852. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
-
Is CVE-2024-43852 actively exploited?
No — CVE-2024-43852 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.