CVE-2024-53081 - Integer Underflow (Wrap or Wraparound)

Severity

55%

Complexity

18%

Confidentiality

60%

In the Linux kernel, the following vulnerability has been resolved: media: ar0521: don't overflow when checking PLL values The PLL checks are comparing 64 bit integers with 32 bit ones, as reported by Coverity. Depending on the values of the variables, this may underflow. Fix it ensuring that both sides of the expression are u64.

CVSS 3.1 Base Score 5.5. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Demo Examples

Integer Underflow (Wrap or Wraparound)

CWE-191

The following example subtracts from a 32 bit signed integer.


               
}
return 0;

The example has an integer underflow. The value of i is already at the lowest negative value possible, so after subtracting 1, the new value of i is 2147483647.

Overview

First reported 6 months ago

2024-11-19 18:15:00

Last updated 6 months ago

2024-11-27 16:56:00

Affected Software

Linux Kernel

References

https://git.kernel.org/stable/c/5e1523076acf95b4ea68d19b6f27e6891267cc24

https://git.kernel.org/stable/c/a244b82d0ae60326901f2b50c15e3118298b7ecd

https://git.kernel.org/stable/c/97ed0c0332d5525653668b31acf62ff1e6b50784

https://git.kernel.org/stable/c/438d3085ba5b8b5bfa5290faa594e577f6ac9aa7

https://git.kernel.org/stable/c/5e1523076acf95b4ea68d19b6f27e6891267cc24

Patch

https://git.kernel.org/stable/c/a244b82d0ae60326901f2b50c15e3118298b7ecd

Patch

https://git.kernel.org/stable/c/97ed0c0332d5525653668b31acf62ff1e6b50784

Patch

https://git.kernel.org/stable/c/438d3085ba5b8b5bfa5290faa594e577f6ac9aa7

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.