CVE-2024-26664: hwmon: (coretemp) Fix out-of-bounds memory access
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (coretemp) Fix out-of-bounds memory access
Fix a bug that pdata->cpumap[] is set before out-of-bounds check. The problem might be triggered on systems with more than 128 cores per package.
Other sources
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (coretemp) Fix out-of-bounds memory access
The Linux kernel CVE team has assigned CVE-2024-26664 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024040223-CVE-2024-26664-03db@gregkh/T
— Red Hat
Frequently Asked Questions
What is the severity of CVE-2024-26664?
CVE-2024-26664 is classified as a medium severity vulnerability due to potential out-of-bounds memory access in the Linux kernel.
How do I fix CVE-2024-26664?
To fix CVE-2024-26664, update your Linux kernel to versions 4.19.307, 5.4.269, 5.10.210, 5.15.149, 6.1.78, 6.6.17, 6.7.5, or 6.8, or the appropriate versions from Debian.
What versions are affected by CVE-2024-26664?
CVE-2024-26664 affects Linux kernel versions prior to 4.19.307, 5.4.269, 5.10.210, 5.15.149, 6.1.78, 6.6.17, 6.7.5, and 6.8.
What causes CVE-2024-26664?
CVE-2024-26664 is caused by a bug in the coretemp driver of the hwmon subsystem: the cpu_map[] array is written before the out-of-bounds check is performed, which allows an out-of-bounds memory access.
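The ordering problem described above, shown as an added example: a simplified userspace model, not the kernel's coretemp code. The names `model_pdata`, `add_core_check_after_write`, `add_core_check_before_write`, `clobbered_after` and `GUARD_SLOTS` are hypothetical, and the map size of 128 is an assumption taken from the "more than 128 cores per package" statement.

```c
#include <errno.h>
#include <stdio.h>

#define NUM_REAL_CORES 128 /* assumed map size, from the page's "more than 128 cores" */
#define GUARD_SLOTS 4      /* stand-in for the memory that follows the map */

/* Simplified model, not the kernel's struct: map and neighbouring memory share
 * one array so the stray write is observable without undefined behaviour. */
struct model_pdata {
    int mem[NUM_REAL_CORES + GUARD_SLOTS]; /* [0,128) = cpu_map, rest = neighbours */
    int next_index;                        /* stand-in for the index allocator */
};

/* Buggy ordering: store first, range-check afterwards. */
static int add_core_check_after_write(struct model_pdata *p, int core_id)
{
    int index = p->next_index++;
    p->mem[index] = core_id;      /* lands past the map once index reaches 128 */
    if (index > NUM_REAL_CORES - 1)
        return -ERANGE;           /* error is returned, but the write already happened */
    return index;
}

/* Corrected ordering: reject the index before it is used as a subscript. */
static int add_core_check_before_write(struct model_pdata *p, int core_id)
{
    if (p->next_index > NUM_REAL_CORES - 1)
        return -ERANGE;
    p->mem[p->next_index] = core_id;
    return p->next_index++;
}

/* Registers n cores (ids 1..n); returns how many guard slots were overwritten. */
static int clobbered_after(int n, int (*add)(struct model_pdata *, int))
{
    struct model_pdata p = {0};
    int hits = 0;
    /* The second loop condition keeps the model itself inside its array. */
    for (int i = 0; i < n && i < NUM_REAL_CORES + GUARD_SLOTS; i++)
        add(&p, i + 1);
    for (int g = 0; g < GUARD_SLOTS; g++)
        hits += (p.mem[NUM_REAL_CORES + g] != 0);
    return hits;
}

int main(void)
{
    printf("guard slots hit, check after write:  %d\n", clobbered_after(130, add_core_check_after_write));
    printf("guard slots hit, check before write: %d\n", clobbered_after(130, add_core_check_before_write));
    return 0;
}
```

Both functions return `-ERANGE` for the 129th core, so the caller sees the same error either way; only the corrected ordering leaves the memory after the map untouched.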
Who is impacted by CVE-2024-26664?
Users of the Linux kernel, particularly those with systems that have more than 128 cores per package, are impacted by CVE-2024-26664.