CVE-2024-42223

media: dvb-frontends: tda10048: Fix integer overflow

Description

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: tda10048: Fix integer overflow state->xtal_hz can be up to 16M, so it can overflow a 32 bit integer when multiplied by pll_mfactor. Create a new 64 bit variable to hold the calculations.

References

Link	Tags
https://git.kernel.org/stable/c/8167e4d7dc086d4f7ca7897dcff3827e4d22c99a	patch
https://git.kernel.org/stable/c/5c72587d024f087aecec0221eaff2fe850d856ce	patch
https://git.kernel.org/stable/c/e1ba22618758e95e09c9fd30c69ccce38edf94c0	patch
https://git.kernel.org/stable/c/bd5620439959a7e02012588c724c6ff5143b80af	patch
https://git.kernel.org/stable/c/1663e2474e4d777187d749a5c90ae83232db32bd	patch
https://git.kernel.org/stable/c/8ac224e9371dc3c4eb666033e6b42d05cf5184a1	patch
https://git.kernel.org/stable/c/1121d8a5c6ed6b8fad492e43b63b386cb6a3a9d8	patch
https://git.kernel.org/stable/c/1aa1329a67cc214c3b7bd2a14d1301a795760b07	patch

Frequently Asked Questions

What is the severity of CVE-2024-42223?: CVE-2024-42223 has been scored as a medium severity vulnerability.
How to fix CVE-2024-42223?: To fix CVE-2024-42223, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-42223 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-42223 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-42223?: CVE-2024-42223 affects Linux Linux, Linux Linux.

Description

Category

CWE-190 – Integer Overflow or Wraparound

References

Frequently Asked Questions