In the Linux kernel, the following vulnerability has been resolved:
iio: Fix the sorting functionality in iio_gts_build_avail_time_table
The sorting in iio_gts_build_avail_time_table is not working as intended.
It could result in an out-of-bounds access when the time is zero.
Here are more details:
When the time is zero, e.g. for the time sequence `3, 0, 1`, the inner for-loop will not terminate and does out-of-bounds accesses. Once `times[j] > new`, the value `new` will be added in the current position and `times[j]` will be moved to the `j+1` position, which makes the if-condition always hold.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-gcp | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-gke | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-hwe-6.8 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-ibm | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-intel | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-lowlatency | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-lowlatency-hwe-6.8 | < any | UNKNOWN |
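
The loop behaviour described above, as a user-space C model added here (not the kernel source and not the upstream patch): `build_buggy` reproduces the runaway shift for `3, 0, 1` and stops where the write would leave the array, and `build_fixed` shows one corrected insertion. The function names, `idx` and the zero-initialised buffer are assumptions of the model.

```c
#include <stdio.h>
#include <string.h>

/* Constructed user-space model, not kernel source. Flawed loop: returns the
 * entry count, or -1 where it would touch times[n] (model stops instead). */
static int build_buggy(const int *in, int n, int *times) {
    int idx = 0;                        /* hypothetical name: next free slot */
    memset(times, 0, n * sizeof(int));  /* assumption: buffer starts zeroed */
    for (int i = n - 1; i >= 0; i--) {
        int new = in[i];
        if (idx >= n) return -1;
        if (times[idx] < new) { times[idx++] = new; continue; }
        for (int j = 0; j <= idx; j++) {
            if (j >= n) return -1;
            if (times[j] > new) {
                if (idx >= n) return -1;  /* shift would write times[n] */
                memmove(&times[j + 1], &times[j], (idx - j) * sizeof(int));
                times[j] = new;  /* old times[j] now sits at j+1, still > new */
                idx++;           /* no break, and the loop bound grows too */
            }
        }
    }
    return idx;
}

/* Corrected insertion: test the last filled slot, insert once, skip duplicates. */
static int build_fixed(const int *in, int n, int *times) {
    int idx = 0;
    for (int i = n - 1; i >= 0; i--) {
        int new = in[i];
        if (idx == 0 || times[idx - 1] < new) { times[idx++] = new; continue; }
        for (int j = 0; j < idx; j++) {
            if (times[j] == new) break;   /* duplicate: keep one copy */
            if (times[j] > new) {
                memmove(&times[j + 1], &times[j], (idx - j) * sizeof(int));
                times[j] = new;
                idx++;
                break;
            }
        }
    }
    return idx;
}

int main(void) {
    int in[] = {3, 0, 1}, t[3];  /* the sequence from the description */
    printf("buggy: %d\n", build_buggy(in, 3, t));
    printf("fixed: %d\n", build_fixed(in, 3, t));
    return 0;
}
```

In the model the inputs are read from the last element to the first, so `1` is placed before `0` is inserted; that ordering is also an assumption.
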
git.kernel.org/linus/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb (6.11-rc1)
git.kernel.org/stable/c/31ff8464ef540785344994986a010031410f9ff3
git.kernel.org/stable/c/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb
git.kernel.org/stable/c/b5046de32fd1532c3f67065197fc1da82f0b5193
launchpad.net/bugs/cve/CVE-2024-43825
nvd.nist.gov/vuln/detail/CVE-2024-43825
security-tracker.debian.org/tracker/CVE-2024-43825
www.cve.org/CVERecord?id=CVE-2024-43825