CRITICAL🇵🇱 Wersja polska

CVE-2024-39462

CVSS 9.8v3.1pub. 2024-06-25upd. 2025-03-24

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: dvp: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs the bounds sanitizer about the number of elements in hws, so that it can warn when hws is accessed out of bounds. As noted in that change, the __counted_by member must be initialized with the number of elements before the first array access happens, otherwise there will be a warning from each access prior to the initialization because the number of elements is zero. This occurs in clk_dvp_probe() due to ->num being assigned after ->hws has been accessed: UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-bcm2711-dvp.c:59:2 index 0 is out of range for type 'struct clk_hw *[] __counted_by(num)' (aka 'struct clk_hw *[]') Move the ->num initialization to before the first access of ->hws, which clears up the warning.

🤖 AI Analysis
How it works

Commit f316cdff8d67 marked the `hws` field of the `clk_hw_onecell_data` structure with the `__counted_by` annotation, which informs the bounds sanitizer mechanism about the number of elements in the array. In the `clk_dvp_probe()` function, the `->num` field (storing the number of elements) was assigned only after the first access to the `->hws` array, which causes the number of elements to be zero at the time of access. This results in triggering a UBSAN warning about array-index-out-of-bounds access on every access before counter initialization. The fix involves moving the initialization of `->num` before the first reference to `->hws`.

Impact

An attacker or malicious code able to trigger the appropriate path in the driver may lead to uncontrolled resource consumption or system instability; in extreme cases, it is possible to compromise the confidentiality, integrity and availability of the system, which is reflected in the CVSS vector (C:H/I:H/A:H).

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references (commits: 0dc913217fb7, 9368cdf90f52, a1dd92fca0d6 in the stable branches of Linux Kernel available at git.kernel.org addresses indicated in the references).

Who is affected

Linux Kernel — versions indicated in the manufacturer's references (driver drivers/clk/bcm/clk-bcm2711-dvp.c); affects platforms based on Broadcom BCM2711 (e.g., Raspberry Pi 4).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Linux Kernel

    OS
    Linux
    6.6 – 6.6.34 (bez)6.7 – 6.9.5 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2022-47986CRITICAL9.8⚠ KEVten sam produkt

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on t...

CVE-2022-22954CRITICAL9.8⚠ KEVten sam produkt

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-s...

CVE-2020-4006CRITICAL9.1⚠ KEVten sam produkt

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a...