CVE-2024-40994

ptp: fix integer overflow in max_vclocks_store

Description

In the Linux kernel, the following vulnerability has been resolved: ptp: fix integer overflow in max_vclocks_store On 32bit systems, the "4 * max" multiply can overflow. Use kcalloc() to do the allocation to prevent this.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/4b03da87d0b7074c93d9662c6e1a8939f9b8b86e patch
https://git.kernel.org/stable/c/d50d62d5e6ee6aa03c00bddb91745d0b632d3b0f patch
https://git.kernel.org/stable/c/666e934d749e50a37f3796caaf843a605f115b6f patch
https://git.kernel.org/stable/c/e1fccfb4638ee6188377867f6015d0ce35764a8e patch
https://git.kernel.org/stable/c/81d23d2a24012e448f651e007fac2cfd20a45ce0 patch

Frequently Asked Questions

What is the severity of CVE-2024-40994?
CVE-2024-40994 has been scored as a high severity vulnerability.
How to fix CVE-2024-40994?
To fix CVE-2024-40994, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-40994 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-40994 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-40994?
CVE-2024-40994 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.