CVE-2024-53061 - Integer Underflow (Wrap or Wraparound)

Severity

78%

Complexity

18%

Confidentiality

98%

In the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflows The current logic allows word to be less than 2. If this happens, there will be buffer overflows, as reported by smatch. Add extra checks to prevent it. While here, remove an unused word = 0 assignment.

CVSS 3.1 Base Score 7.8. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Demo Examples

Integer Underflow (Wrap or Wraparound)

CWE-191

The following example subtracts from a 32 bit signed integer.


               
}
return 0;

The example has an integer underflow. The value of i is already at the lowest negative value possible, so after subtracting 1, the new value of i is 2147483647.

Overview

First reported 3 months ago

2024-11-19 18:15:00

Last updated 3 months ago

2024-11-22 17:51:00

Affected Software

Linux Kernel

References

https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51

https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b

https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef

https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e

https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e

https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd

https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51

https://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a

https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51

Patch

https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b

Patch

https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef

Patch

https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e

Patch

https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e

Patch

https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd

Patch

https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51

Patch

https://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.