Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC

Recently, we encounter kernel crash in function rm3100_common_probe caused by out of bound access of array rm3100_samp_rates (because of underlying hardware failures). Add boundary check to prevent out of bound access.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.0, < 5.4.269 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/176256ff8abff29335ecff905a09fb49e8dcf513 (Patch)
- https://git.kernel.org/stable/c/1d8c67e94e9e977603473a543d4f322cf2c4aa01 (Patch)
- https://git.kernel.org/stable/c/36a49290d7e6d554020057a409747a092b1d3b56 (Patch)
- https://git.kernel.org/stable/c/57d05dbbcd0b3dc0c252103b43012eef5d6430d1 (Patch)
- https://git.kernel.org/stable/c/7200170e88e3ec54d9e9c63f07514c3cead11481 (Patch)
- https://git.kernel.org/stable/c/792595bab4925aa06532a14dd256db523eb4fa5e (Patch)
- https://git.kernel.org/stable/c/8d5838a473e8e6d812257c69745f5920e4924a60 (Patch)
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html (Mailing List, Third Party Advisory)
FAQ
What is CVE-2024-26702?
CVE-2024-26702 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC Recently, we encounter kernel crash in funct...
How severe is CVE-2024-26702?
CVE-2024-26702 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-26702?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.