CVE-2024-42086

iio: chemical: bme680: Fix overflows in compensate() functions

Description

In the Linux kernel, the following vulnerability has been resolved: iio: chemical: bme680: Fix overflows in compensate() functions There are cases in the compensate functions of the driver that there could be overflows of variables due to bit shifting ops. These implications were initially discussed here [1] and they were mentioned in log message of Commit 1b3bd8592780 ("iio: chemical: Add support for Bosch BME680 sensor"). [1]: https://lore.kernel.org/linux-iio/20180728114028.3c1bbe81@archlinux/

N/A
CVSS
Severity:
EPSS 0.19%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/6fa31bbe2ea8665ee970258eb8320cbf231dbe9e
https://git.kernel.org/stable/c/b0af334616ed425024bf220adda0f004806b5feb
https://git.kernel.org/stable/c/c326551e99f5416986074ce78bef94f6a404b517
https://git.kernel.org/stable/c/7a13d1357658d3a3c1cd7b3b9543c805a6e5e6e9
https://git.kernel.org/stable/c/ba1bb3e2a38a7fef1c1818dd4f2d9abbfdde553a
https://git.kernel.org/stable/c/b5967393d50e3c6e632efda3ea3fdde14c1bfd0e
https://git.kernel.org/stable/c/3add41bbda92938e9a528d74659dfc552796be4e
https://git.kernel.org/stable/c/fdd478c3ae98c3f13628e110dce9b6cfb0d9b3c8

Frequently Asked Questions

What is the severity of CVE-2024-42086?
CVE-2024-42086 has not yet been assigned a CVSS score.
How to fix CVE-2024-42086?
To fix CVE-2024-42086, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-42086 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-42086 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-42086?
CVE-2024-42086 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.