CVE-2024-57998

OPP: add index check to assert to avoid buffer overflow in _read_freq()

Description

In the Linux kernel, the following vulnerability has been resolved: OPP: add index check to assert to avoid buffer overflow in _read_freq() Pass the freq index to the assert function to make sure we do not read a freq out of the opp->rates[] table when called from the indexed variants: dev_pm_opp_find_freq_exact_indexed() or dev_pm_opp_find_freq_ceil/floor_indexed(). Add a secondary parameter to the assert function, unused for assert_single_clk() then add assert_clk_index() which will check for the clock index when called from the _indexed() find functions.

N/A
CVSS
Severity:
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/774dd6f0f0a61c9c3848e025d7d9eeed1a7ca4cd
https://git.kernel.org/stable/c/eb6ffa0192ba83ece1a318b956265519c5c7dcec
https://git.kernel.org/stable/c/7d68c20638e50d5eb4576492a7958328ae445248
https://git.kernel.org/stable/c/da2a6acc73933b7812c94794726e438cde39e037
https://git.kernel.org/stable/c/d659bc68ed489022ea33342cfbda2911a81e7a0d

Frequently Asked Questions

What is the severity of CVE-2024-57998?
CVE-2024-57998 has not yet been assigned a CVSS score.
How to fix CVE-2024-57998?
To fix CVE-2024-57998, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-57998 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-57998 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-57998?
CVE-2024-57998 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.