CVE-2024-24861

2024-02-0508:15:45

CWE-362

[email protected]

web.nvd.nist.gov

cve-2024-24861

linux kernel

media

xc4000

race condition

overflow issue

denial of service

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.8%

JSON

A race condition was found in the Linux kernel’s media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.

Affected configurations

NVD

Node

linuxlinux_kernelRange≤3.0.101

linuxlinux_kernelRange6.0–6.7.2

linuxlinux_kernelMatch3.1rc1

linuxlinux_kernelMatch6.8rc1

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle3.0.101
linux:linux_kernellinux linux kernelle6.7.2
linux:linux_kernellinux linux kerneleq3.1
linux:linux_kernellinux linux kerneleq6.8

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	3.0.101
linux:linux_kernel	linux linux kernel	le	6.7.2
linux:linux_kernel	linux linux kernel	eq	3.1
linux:linux_kernel	linux linux kernel	eq	6.8

CNA Affected

[
  {
    "collectionURL": "https://kernel.org/",
    "defaultStatus": "unaffected",
    "modules": [
      "media",
      "xc4000"
    ],
    "packageName": "kernel",
    "platforms": [
      "Linux",
      "x86",
      "ARM"
    ],
    "product": "Linux kernel",
    "programFiles": [
      "https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/drivers/media/tuners/xc4000.c"
    ],
    "repo": "https://gitee.com/anolis/cloud-kernel.git",
    "vendor": "Linux",
    "versions": [
      {
        "lessThan": "v6.8-rc1",
        "status": "affected",
        "version": "v3.1-rc1",
        "versionType": "custom"
      }
    ]
  }
]