Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2024-43825 | First vendor Publication | 2024-08-17 |
| Vendor | Cve | Last vendor Modification | 2024-09-30 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 7.8 | ||
| Base Score | 7.8 | Environmental Score | 7.8 |
| impact SubScore | 5.9 | Temporal Score | 7.8 |
| Exploitabality Sub Score | 1.8 | ||
| Attack Vector | Local | Attack Complexity | Low |
| Privileges Required | Low | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| In the Linux kernel, the following vulnerability has been resolved: iio: Fix the sorting functionality in iio_gts_build_avail_time_table The sorting in iio_gts_build_avail_time_table is not working as intended. It could result in an out-of-bounds access when the time is zero. Here are more details: 1. When the gts->itime_table[i].time_us is zero, e.g., the time sequence is `3, 0, 1`, the inner for-loop will not terminate and do out-of-bound writes. This is because once `times[j] > new`, the value `new` will be added in the current position and the `times[j]` will be moved to `j+1` position, which makes the if-condition always hold. Meanwhile, idx will be added one, making the loop keep running without termination and out-of-bound write. 2. If none of the gts->itime_table[i].time_us is zero, the elements will just be copied without being sorted as described in the comment "Sort times from all tables to one and remove duplicates". For more details, please refer to https://lore.kernel.org/all/6dd0d822-046c-4dd2-9532-79d7ab96ec05@gmail.com. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43825 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2025-01-08 03:04:31 |
|
| 2025-01-07 03:04:04 |
|
| 2024-12-25 03:02:42 |
|
| 2024-12-12 03:05:38 |
|
| 2024-11-23 03:02:40 |
|
| 2024-11-22 03:00:52 |
|
| 2024-11-20 02:59:11 |
|
| 2024-11-14 02:59:30 |
|
| 2024-11-09 02:59:30 |
|
| 2024-10-26 02:56:55 |
|
| 2024-10-25 02:58:48 |
|
| 2024-10-23 02:58:01 |
|
| 2024-10-02 17:27:48 |
|
| 2024-10-02 00:28:00 |
|
| 2024-09-30 17:27:53 |
|
| 2024-08-19 17:27:25 |
|
| 2024-08-17 17:27:28 |
|
