[SRU][N][PATCH 0/1] CVE-2024-46757
Bethany Jamison
bethany.jamison at canonical.com
Fri Oct 11 19:47:49 UTC 2024
[Impact]
DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large
negative number such as -9223372036854775808 is provided by the user.
Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.
[Fix]
Noble: Clean cherry-pick from linux-6.10.y
Jammy: pending (5.15.0-125.135)
Focal: pending (5.4.0-200.220)
Bionic: fix sent to esm ML
Xenial: fix sent to esm ML
Trusty: won't fix
[Test Case]
Compile tested, lack the hardware to boot test.
[Where problems could occur]
This fix affects those who use the driver for the hardware monitoring
functionality of Nuvoton NCT677x Super-I/O chips, an issue with this
fix would be visible to the user via data corruption or inaccuracy.
Guenter Roeck (1):
hwmon: (nct6775-core) Fix underflows seen when writing limit
attributes
drivers/hwmon/nct6775-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
2.34.1
More information about the kernel-team
mailing list