CVE - CVE-2024-39461

CVE-ID
CVE-2024-39461	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs the bounds sanitizer about the number of elements in hws, so that it can warn when hws is accessed out of bounds. As noted in that change, the __counted_by member must be initialized with the number of elements before the first array access happens, otherwise there will be a warning from each access prior to the initialization because the number of elements is zero. This occurs in raspberrypi_discover_clocks() due to ->num being assigned after ->hws has been accessed: UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-raspberrypi.c:374:4 index 3 is out of range for type 'struct clk_hw [] __counted_by(num)' (aka 'struct clk_hw []') Move the ->num initialization to before the first access of ->hws, which clears up the warning.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/6dc445c1905096b2ed4db1a84570375b4e00cc0f URL:https://git.kernel.org/stable/c/6dc445c1905096b2ed4db1a84570375b4e00cc0f MISC:https://git.kernel.org/stable/c/9562dbe5cdbb16ac887d27ef6f179980bb99193c URL:https://git.kernel.org/stable/c/9562dbe5cdbb16ac887d27ef6f179980bb99193c MISC:https://git.kernel.org/stable/c/cdf9c7871d58d3df59d2775982e3533adb8ec920 URL:https://git.kernel.org/stable/c/cdf9c7871d58d3df59d2775982e3533adb8ec920
Assigning CNA
kernel.org
Date Record Created
20240625	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240625)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)