CVE-2024-26966

clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays

Description

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible out-of-bound access when the table is traversed by functions like qcom_find_freq() or qcom_find_freq_floor(). Only compile tested.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Third-Party Advisory debian.org Third-Party Advisory debian.org
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/5533686e99b04994d7c4877dc0e4282adc9444a2 patch
https://git.kernel.org/stable/c/b2dfb216f32627c2f6a8041f2d9d56d102ab87c0 patch
https://git.kernel.org/stable/c/a09aecb6cb482de88301c43bf00a6c8726c4d34f patch
https://git.kernel.org/stable/c/3aedcf3755c74dafc187eb76acb04e3e6348b1a9 patch
https://git.kernel.org/stable/c/185de0b7cdeaad8b89ebd4c8a258ff2f21adba99 patch
https://git.kernel.org/stable/c/9b4c4546dd61950e80ffdca1bf6925f42b665b03 patch
https://git.kernel.org/stable/c/7e5432401536117c316d7f3b21d46b64c1514f38 patch
https://git.kernel.org/stable/c/5638330150db2cc30b53eed04e481062faa3ece8 patch
https://git.kernel.org/stable/c/a903cfd38d8dee7e754fb89fd1bebed99e28003d patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html mailing list third party advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html mailing list third party advisory

Frequently Asked Questions

What is the severity of CVE-2024-26966?
CVE-2024-26966 has been scored as a medium severity vulnerability.
How to fix CVE-2024-26966?
To fix CVE-2024-26966, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-26966 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-26966 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-26966?
CVE-2024-26966 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.