CVE-2024-56739

Jan. 7, 2025, 9:21 p.m.

5.5
Medium

Description

In the Linux kernel, the following vulnerability has been resolved: rtc: check if __rtc_read_time was successful in rtc_timer_do_work() If the __rtc_read_time call fails,, the struct rtc_time tm; may contain uninitialized data, or an illegal date/time read from the RTC hardware. When calling rtc_tm_to_ktime later, the result may be a very large value (possibly KTIME_MAX). If there are periodic timers in rtc->timerqueue, they will continually expire, may causing kernel softlockup.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-908
Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/0d68e8514d9040108ff7d1b37ca71096674b6efe
https://git.kernel.org/stable/c/246f621d363988e7040f4546d20203dc713fa3e1
https://git.kernel.org/stable/c/39ad0a1ae17b54509cd9e93dcd8cec16e7c12d3f
https://git.kernel.org/stable/c/44b3257ff705d63d5f00ef8ed314a0eeb7ec37f2
https://git.kernel.org/stable/c/a1f0b4af90cc18b10261ecde56c6a56b22c75bd1
https://git.kernel.org/stable/c/dd4b1cbcc916fad5d10c2662b62def9f05e453d4
https://git.kernel.org/stable/c/e77bce0a8c3989b4173c36f4195122bca8f4a3e1
https://git.kernel.org/stable/c/e8ba8a2bc4f60a1065f23d6a0e7cbea945a0f40d
https://git.kernel.org/stable/c/fde56535505dde3336df438e949ef4742b6d6d6e

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-908
2024-12-29
CVE-2024-56739

CVSS Score

5.5 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: Dec. 29, 2024, 12:15 p.m.
Last Modified: Jan. 7, 2025, 9:21 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.