{
  "id": "CVE-2024-39461",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-06-25T15:15:14.500",
  "lastModified": "2024-11-21T09:27:42.720",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: bcm: rpi: Assign ->num before accessing ->hws\n\nCommit f316cdff8d67 (\"clk: Annotate struct clk_hw_onecell_data with\n__counted_by\") annotated the hws member of 'struct clk_hw_onecell_data'\nwith __counted_by, which informs the bounds sanitizer about the number\nof elements in hws, so that it can warn when hws is accessed out of\nbounds. As noted in that change, the __counted_by member must be\ninitialized with the number of elements before the first array access\nhappens, otherwise there will be a warning from each access prior to the\ninitialization because the number of elements is zero. This occurs in\nraspberrypi_discover_clocks() due to ->num being assigned after ->hws\nhas been accessed:\n\n  UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-raspberrypi.c:374:4\n  index 3 is out of range for type 'struct clk_hw *[] __counted_by(num)' (aka 'struct clk_hw *[]')\n\nMove the ->num initialization to before the first access of ->hws, which\nclears up the warning."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: bcm: rpi: Assign -&gt;num before accessing -&gt;hws Commit f316cdff8d67 (\"clk: Annotate struct clk_hw_onecell_data with __counted_by\") anot\u00f3 el miembro hws de 'struct clk_hw_onecell_data' con __counted_by, que informa al sanitizante de los l\u00edmites sobre la cantidad de elementos en hws, para que pueda advertir cuando se accede a hws fuera de los l\u00edmites. Como se se\u00f1al\u00f3 en ese cambio, el miembro __counted_by debe inicializarse con la cantidad de elementos antes de que ocurra el primer acceso a la matriz; de lo contrario, habr\u00e1 una advertencia de cada acceso antes de la inicializaci\u00f3n porque la cantidad de elementos es cero. Esto ocurre en raspberrypi_discover_clocks() debido a que -&gt;num se asigna despu\u00e9s de que se haya accedido a -&gt;hws: UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-raspberrypi.c:374:4 index 3 est\u00e1 fuera del rango para el tipo 'struct clk_hw *[] __counted_by(num)' (tambi\u00e9n conocido como 'struct clk_hw *[]') Mueva la inicializaci\u00f3n -&gt;num antes del primer acceso de -&gt;hws, lo que borra la advertencia."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-129"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "6.6",
              "versionEndExcluding": "6.6.34",
              "matchCriteriaId": "AC0C6E24-8240-425A-BD1A-F78E6D3A67FC"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "6.7",
              "versionEndExcluding": "6.9.5",
              "matchCriteriaId": "8366481F-770F-4850-9D0F-2977BD97D5C5"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/6dc445c1905096b2ed4db1a84570375b4e00cc0f",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "https://git.kernel.org/stable/c/9562dbe5cdbb16ac887d27ef6f179980bb99193c",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "https://git.kernel.org/stable/c/cdf9c7871d58d3df59d2775982e3533adb8ec920",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "https://git.kernel.org/stable/c/6dc445c1905096b2ed4db1a84570375b4e00cc0f",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "https://git.kernel.org/stable/c/9562dbe5cdbb16ac887d27ef6f179980bb99193c",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "https://git.kernel.org/stable/c/cdf9c7871d58d3df59d2775982e3533adb8ec920",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ]
    }
  ]
}