{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40994", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.606Z", "datePublished": "2024-07-12T12:37:37.124Z", "dateUpdated": "2024-12-19T09:09:40.021Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:09:40.021Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: fix integer overflow in max_vclocks_store\n\nOn 32bit systems, the \"4 * max\" multiply can overflow. Use kcalloc()\nto do the allocation to prevent this."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/ptp/ptp_sysfs.c"], "versions": [{"version": "44c494c8e30e35713c7d11ca3c5ab332cbfabacf", "lessThan": "4b03da87d0b7074c93d9662c6e1a8939f9b8b86e", "status": "affected", "versionType": "git"}, {"version": "44c494c8e30e35713c7d11ca3c5ab332cbfabacf", "lessThan": "d50d62d5e6ee6aa03c00bddb91745d0b632d3b0f", "status": "affected", "versionType": "git"}, {"version": "44c494c8e30e35713c7d11ca3c5ab332cbfabacf", "lessThan": "666e934d749e50a37f3796caaf843a605f115b6f", "status": "affected", "versionType": "git"}, {"version": "44c494c8e30e35713c7d11ca3c5ab332cbfabacf", "lessThan": "e1fccfb4638ee6188377867f6015d0ce35764a8e", "status": "affected", "versionType": "git"}, {"version": "44c494c8e30e35713c7d11ca3c5ab332cbfabacf", "lessThan": "81d23d2a24012e448f651e007fac2cfd20a45ce0", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/ptp/ptp_sysfs.c"], "versions": [{"version": "5.14", "status": "affected"}, {"version": "0", "lessThan": "5.14", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.96", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.36", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.7", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/4b03da87d0b7074c93d9662c6e1a8939f9b8b86e"}, {"url": "https://git.kernel.org/stable/c/d50d62d5e6ee6aa03c00bddb91745d0b632d3b0f"}, {"url": "https://git.kernel.org/stable/c/666e934d749e50a37f3796caaf843a605f115b6f"}, {"url": "https://git.kernel.org/stable/c/e1fccfb4638ee6188377867f6015d0ce35764a8e"}, {"url": "https://git.kernel.org/stable/c/81d23d2a24012e448f651e007fac2cfd20a45ce0"}], "title": "ptp: fix integer overflow in max_vclocks_store", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.058Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/4b03da87d0b7074c93d9662c6e1a8939f9b8b86e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d50d62d5e6ee6aa03c00bddb91745d0b632d3b0f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/666e934d749e50a37f3796caaf843a605f115b6f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e1fccfb4638ee6188377867f6015d0ce35764a8e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/81d23d2a24012e448f651e007fac2cfd20a45ce0", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40994", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:01:38.458996Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:19.919Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/4b03da87d0b7074c93d9662c6e1a8939f9b8b86e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d50d62d5e6ee6aa03c00bddb91745d0b632d3b0f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/666e934d749e50a37f3796caaf843a605f115b6f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e1fccfb4638ee6188377867f6015d0ce35764a8e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/81d23d2a24012e448f651e007fac2cfd20a45ce0", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.058Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40994", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:01:38.458996Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:22.041Z"}}], "cna": {"title": "ptp: fix integer overflow in max_vclocks_store", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "44c494c8e30e", "lessThan": "4b03da87d0b7", "versionType": "git"}, {"status": "affected", "version": "44c494c8e30e", "lessThan": "d50d62d5e6ee", "versionType": "git"}, {"status": "affected", "version": "44c494c8e30e", "lessThan": "666e934d749e", "versionType": "git"}, {"status": "affected", "version": "44c494c8e30e", "lessThan": "e1fccfb4638e", "versionType": "git"}, {"status": "affected", "version": "44c494c8e30e", "lessThan": "81d23d2a2401", "versionType": "git"}], "programFiles": ["drivers/ptp/ptp_sysfs.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.14"}, {"status": "unaffected", "version": "0", "lessThan": "5.14", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.162", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.96", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.36", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.7", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/ptp/ptp_sysfs.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/4b03da87d0b7074c93d9662c6e1a8939f9b8b86e"}, {"url": "https://git.kernel.org/stable/c/d50d62d5e6ee6aa03c00bddb91745d0b632d3b0f"}, {"url": "https://git.kernel.org/stable/c/666e934d749e50a37f3796caaf843a605f115b6f"}, {"url": "https://git.kernel.org/stable/c/e1fccfb4638ee6188377867f6015d0ce35764a8e"}, {"url": "https://git.kernel.org/stable/c/81d23d2a24012e448f651e007fac2cfd20a45ce0"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: fix integer overflow in max_vclocks_store\n\nOn 32bit systems, the \"4 * max\" multiply can overflow. Use kcalloc()\nto do the allocation to prevent this."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:34:41.480Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40994", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:34:41.480Z", "dateReserved": "2024-07-12T12:17:45.606Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:37:37.124Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A48FD5B-D0CA-4E4C-8D52-9395CBE79191", "versionEndExcluding": "5.15.162", "versionStartIncluding": "5.14", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "61E887B4-732A-40D2-9983-CC6F281EBFB7", "versionEndExcluding": "6.1.96", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1046C95-860A-45B0-B718-2B29F65BFF10", "versionEndExcluding": "6.6.36", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A047AF2-94AC-4A3A-B32D-6AB930D8EF1C", "versionEndExcluding": "6.9.7", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*", "matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: fix integer overflow in max_vclocks_store\n\nOn 32bit systems, the \"4 * max\" multiply can overflow. Use kcalloc()\nto do the allocation to prevent this."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ptp: corrige el desbordamiento de enteros en max_vclocks_store En sistemas de 32 bits, la multiplicaci\u00f3n \"4 * max\" puede desbordarse. Utilice kcalloc() para realizar la asignaci\u00f3n y evitar esto."}], "id": "CVE-2024-40994", "lastModified": "2024-11-21T09:32:01.520", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-07-12T13:15:20.620", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4b03da87d0b7074c93d9662c6e1a8939f9b8b86e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/666e934d749e50a37f3796caaf843a605f115b6f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/81d23d2a24012e448f651e007fac2cfd20a45ce0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d50d62d5e6ee6aa03c00bddb91745d0b632d3b0f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e1fccfb4638ee6188377867f6015d0ce35764a8e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4b03da87d0b7074c93d9662c6e1a8939f9b8b86e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/666e934d749e50a37f3796caaf843a605f115b6f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/81d23d2a24012e448f651e007fac2cfd20a45ce0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d50d62d5e6ee6aa03c00bddb91745d0b632d3b0f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e1fccfb4638ee6188377867f6015d0ce35764a8e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ptp: fix integer overflow in max_vclocks_store", "id": "2297578", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297578"}, "csaw": false, "cvss3": {"cvss3_base_score": "0.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "status": "draft"}, "cwe": "CWE-190", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nptp: fix integer overflow in max_vclocks_store\nOn 32bit systems, the \"4 * max\" multiply can overflow. Use kcalloc()\nto do the allocation to prevent this.", "A vulnerability was found in the Linux kernel's ptp subsystem in ptp_sysfs.c file, where the max_vclocks_store function can cause an integer overflow on 32-bit systems. This issue occurs during a multiplication operation, potentially leading to incorrect memory allocation, resulting in memory corruption."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-40994", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40994\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40994\nhttps://lore.kernel.org/linux-cve-announce/2024071250-CVE-2024-40994-e16a@gregkh/T"], "statement": "The function where incorrect initialization of memory could happen is not being used. The idea is to make param max_vclocks configurable via /sys/class/ptp/ptpN/max_vclocks. However, /sys/class/ptp/ptp0/max_vclocks does not exist yet and this function is not being called.", "threat_severity": "Low", "upstream_fix": "kernel 5.15.162, kernel 6.1.96, kernel 6.6.36, kernel 6.9.7, kernel 6.10-rc5"}