CVE-2024-56739

rtc: check if __rtc_read_time was successful in rtc_timer_do_work()

Description

In the Linux kernel, the following vulnerability has been resolved: rtc: check if __rtc_read_time was successful in rtc_timer_do_work() If the __rtc_read_time call fails,, the struct rtc_time tm; may contain uninitialized data, or an illegal date/time read from the RTC hardware. When calling rtc_tm_to_ktime later, the result may be a very large value (possibly KTIME_MAX). If there are periodic timers in rtc->timerqueue, they will continually expire, may causing kernel softlockup.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/39ad0a1ae17b54509cd9e93dcd8cec16e7c12d3f patch
https://git.kernel.org/stable/c/44b3257ff705d63d5f00ef8ed314a0eeb7ec37f2 patch
https://git.kernel.org/stable/c/0d68e8514d9040108ff7d1b37ca71096674b6efe patch
https://git.kernel.org/stable/c/246f621d363988e7040f4546d20203dc713fa3e1 patch
https://git.kernel.org/stable/c/fde56535505dde3336df438e949ef4742b6d6d6e patch
https://git.kernel.org/stable/c/dd4b1cbcc916fad5d10c2662b62def9f05e453d4 patch
https://git.kernel.org/stable/c/a1f0b4af90cc18b10261ecde56c6a56b22c75bd1 patch
https://git.kernel.org/stable/c/e77bce0a8c3989b4173c36f4195122bca8f4a3e1 patch
https://git.kernel.org/stable/c/e8ba8a2bc4f60a1065f23d6a0e7cbea945a0f40d patch

Frequently Asked Questions

What is the severity of CVE-2024-56739?
CVE-2024-56739 has been scored as a medium severity vulnerability.
How to fix CVE-2024-56739?
To fix CVE-2024-56739, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-56739 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-56739 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-56739?
CVE-2024-56739 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.