SB2024122719 - Buffer overflow in Linux kernel hwmon driver
Published: December 27, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024122719
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2024-53159)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the store_target_temp(), store_temp_tolerance() and store_weight_temp() functions in drivers/hwmon/nct6775-core.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/57ee12b6c514146c19b6a159013b48727a012960
- https://git.kernel.org/stable/c/685c10269c41d23d7a2b85d3fd6b6345390c8746
- https://git.kernel.org/stable/c/a4712e4485f5c388bbe0d0e8f52978241ab34a29
- https://git.kernel.org/stable/c/ae703f8ff083c5267af30d6c8cf096d562623b3b
- https://git.kernel.org/stable/c/dfa8bedfffcae87976b34a45a724deb9c3a0a88e
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.2