CVE-2024-42086
Severity CVSS v4.0: Pending analysis
Type: CWE-787 Out-of-bounds Write
Publication date: 29/07/2024
Last modified: 03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

iio: chemical: bme680: Fix overflows in compensate() functions

There are cases in the compensate functions of the driver that
there could be overflows of variables due to bit shifting ops.
These implications were initially discussed here [1] and they
were mentioned in log message of Commit 1b3bd8592780 ("iio:
chemical: Add support for Bosch BME680 sensor").

[1]: https://lore.kernel.org/linux-iio/20180728114028.3c1bbe81@archlinux/
Impact
Base Score 3.x: 7.80
Severity 3.x: HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.19 (including) | 4.19.317 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.279 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.221 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.162 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.97 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.37 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.9.8 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/3add41bbda92938e9a528d74659dfc552796be4e
- https://git.kernel.org/stable/c/6fa31bbe2ea8665ee970258eb8320cbf231dbe9e
- https://git.kernel.org/stable/c/7a13d1357658d3a3c1cd7b3b9543c805a6e5e6e9
- https://git.kernel.org/stable/c/b0af334616ed425024bf220adda0f004806b5feb
- https://git.kernel.org/stable/c/b5967393d50e3c6e632efda3ea3fdde14c1bfd0e
- https://git.kernel.org/stable/c/ba1bb3e2a38a7fef1c1818dd4f2d9abbfdde553a
- https://git.kernel.org/stable/c/c326551e99f5416986074ce78bef94f6a404b517
- https://git.kernel.org/stable/c/fdd478c3ae98c3f13628e110dce9b6cfb0d9b3c8
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html



