{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42086", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.170Z", "datePublished": "2024-07-29T16:26:27.075Z", "dateUpdated": "2024-11-05T09:37:07.958Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:37:07.958Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: chemical: bme680: Fix overflows in compensate() functions\n\nThere are cases in the compensate functions of the driver that\nthere could be overflows of variables due to bit shifting ops.\nThese implications were initially discussed here [1] and they\nwere mentioned in log message of Commit 1b3bd8592780 (\"iio:\nchemical: Add support for Bosch BME680 sensor\").\n\n[1]: https://lore.kernel.org/linux-iio/20180728114028.3c1bbe81@archlinux/"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/iio/chemical/bme680_core.c"], "versions": [{"version": "1b3bd8592780", "lessThan": "6fa31bbe2ea8", "status": "affected", "versionType": "git"}, {"version": "1b3bd8592780", "lessThan": "b0af334616ed", "status": "affected", "versionType": "git"}, {"version": "1b3bd8592780", "lessThan": "c326551e99f5", "status": "affected", "versionType": "git"}, {"version": "1b3bd8592780", "lessThan": "7a13d1357658", "status": "affected", "versionType": "git"}, {"version": "1b3bd8592780", "lessThan": "ba1bb3e2a38a", "status": "affected", "versionType": "git"}, {"version": "1b3bd8592780", "lessThan": "b5967393d50e", "status": "affected", "versionType": "git"}, {"version": "1b3bd8592780", "lessThan": "3add41bbda92", "status": "affected", "versionType": "git"}, {"version": "1b3bd8592780", "lessThan": "fdd478c3ae98", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/iio/chemical/bme680_core.c"], "versions": [{"version": "4.19", "status": "affected"}, {"version": "0", "lessThan": "4.19", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.317", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.279", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.221", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.97", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.37", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.8", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/6fa31bbe2ea8665ee970258eb8320cbf231dbe9e"}, {"url": "https://git.kernel.org/stable/c/b0af334616ed425024bf220adda0f004806b5feb"}, {"url": "https://git.kernel.org/stable/c/c326551e99f5416986074ce78bef94f6a404b517"}, {"url": "https://git.kernel.org/stable/c/7a13d1357658d3a3c1cd7b3b9543c805a6e5e6e9"}, {"url": "https://git.kernel.org/stable/c/ba1bb3e2a38a7fef1c1818dd4f2d9abbfdde553a"}, {"url": "https://git.kernel.org/stable/c/b5967393d50e3c6e632efda3ea3fdde14c1bfd0e"}, {"url": "https://git.kernel.org/stable/c/3add41bbda92938e9a528d74659dfc552796be4e"}, {"url": "https://git.kernel.org/stable/c/fdd478c3ae98c3f13628e110dce9b6cfb0d9b3c8"}], "title": "iio: chemical: bme680: Fix overflows in compensate() functions", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:31.959Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/6fa31bbe2ea8665ee970258eb8320cbf231dbe9e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b0af334616ed425024bf220adda0f004806b5feb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c326551e99f5416986074ce78bef94f6a404b517", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7a13d1357658d3a3c1cd7b3b9543c805a6e5e6e9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ba1bb3e2a38a7fef1c1818dd4f2d9abbfdde553a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b5967393d50e3c6e632efda3ea3fdde14c1bfd0e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3add41bbda92938e9a528d74659dfc552796be4e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/fdd478c3ae98c3f13628e110dce9b6cfb0d9b3c8", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42086", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:18:54.149750Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:56.982Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42086", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.170Z", "datePublished": "2024-07-29T16:26:27.075Z", "dateUpdated": "2024-08-02T04:54:31.959Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-29T16:26:27.075Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: chemical: bme680: Fix overflows in compensate() functions\n\nThere are cases in the compensate functions of the driver that\nthere could be overflows of variables due to bit shifting ops.\nThese implications were initially discussed here [1] and they\nwere mentioned in log message of Commit 1b3bd8592780 (\"iio:\nchemical: Add support for Bosch BME680 sensor\").\n\n[1]: https://lore.kernel.org/linux-iio/20180728114028.3c1bbe81@archlinux/"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/iio/chemical/bme680_core.c"], "versions": [{"version": "1b3bd8592780", "lessThan": "6fa31bbe2ea8", "status": "affected", "versionType": "git"}, {"version": "1b3bd8592780", "lessThan": "b0af334616ed", "status": "affected", "versionType": "git"}, {"version": "1b3bd8592780", "lessThan": "c326551e99f5", "status": "affected", "versionType": "git"}, {"version": "1b3bd8592780", "lessThan": "7a13d1357658", "status": "affected", "versionType": "git"}, {"version": "1b3bd8592780", "lessThan": "ba1bb3e2a38a", "status": "affected", "versionType": "git"}, {"version": "1b3bd8592780", "lessThan": "b5967393d50e", "status": "affected", "versionType": "git"}, {"version": "1b3bd8592780", "lessThan": "3add41bbda92", "status": "affected", "versionType": "git"}, {"version": "1b3bd8592780", "lessThan": "fdd478c3ae98", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/iio/chemical/bme680_core.c"], "versions": [{"version": "4.19", "status": "affected"}, {"version": "0", "lessThan": "4.19", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.317", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.279", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.221", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.97", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.37", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.8", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/6fa31bbe2ea8665ee970258eb8320cbf231dbe9e"}, {"url": "https://git.kernel.org/stable/c/b0af334616ed425024bf220adda0f004806b5feb"}, {"url": "https://git.kernel.org/stable/c/c326551e99f5416986074ce78bef94f6a404b517"}, {"url": "https://git.kernel.org/stable/c/7a13d1357658d3a3c1cd7b3b9543c805a6e5e6e9"}, {"url": "https://git.kernel.org/stable/c/ba1bb3e2a38a7fef1c1818dd4f2d9abbfdde553a"}, {"url": "https://git.kernel.org/stable/c/b5967393d50e3c6e632efda3ea3fdde14c1bfd0e"}, {"url": "https://git.kernel.org/stable/c/3add41bbda92938e9a528d74659dfc552796be4e"}, {"url": "https://git.kernel.org/stable/c/fdd478c3ae98c3f13628e110dce9b6cfb0d9b3c8"}], "title": "iio: chemical: bme680: Fix overflows in compensate() functions", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42086", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:18:54.149750Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-09-11T12:42:19.797Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: chemical: bme680: Fix overflows in compensate() functions\n\nThere are cases in the compensate functions of the driver that\nthere could be overflows of variables due to bit shifting ops.\nThese implications were initially discussed here [1] and they\nwere mentioned in log message of Commit 1b3bd8592780 (\"iio:\nchemical: Add support for Bosch BME680 sensor\").\n\n[1]: https://lore.kernel.org/linux-iio/20180728114028.3c1bbe81@archlinux/"}, {"lang": "es", "value": " En el kernel de Linux se ha solucionado la siguiente vulnerabilidad: iio:chemical:bme680: Corregir desbordamientos en funciones de compensaci\u00f3n(). Hay casos en las funciones de compensaci\u00f3n del controlador en los que se pueden producir desbordamientos de variables por operaciones de cambio de bits. Estas implicaciones se discutieron inicialmente aqu\u00ed [1] y se mencionaron en el mensaje de registro del compromiso 1b3bd8592780 (\"iio: qu\u00edmico: agregar soporte para el sensor Bosch BME680\"). [1]: https://lore.kernel.org/linux-iio/20180728114028.3c1bbe81@archlinux/"}], "id": "CVE-2024-42086", "lastModified": "2024-07-30T13:33:30.653", "metrics": {}, "published": "2024-07-29T17:15:11.303", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3add41bbda92938e9a528d74659dfc552796be4e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6fa31bbe2ea8665ee970258eb8320cbf231dbe9e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7a13d1357658d3a3c1cd7b3b9543c805a6e5e6e9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b0af334616ed425024bf220adda0f004806b5feb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b5967393d50e3c6e632efda3ea3fdde14c1bfd0e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ba1bb3e2a38a7fef1c1818dd4f2d9abbfdde553a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c326551e99f5416986074ce78bef94f6a404b517"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fdd478c3ae98c3f13628e110dce9b6cfb0d9b3c8"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: iio: chemical: bme680: Fix overflows in compensate() functions", "id": "2300535", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300535"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["In the Linux kernel, the following vulnerability has been resolved:\niio: chemical: bme680: Fix overflows in compensate() functions\nThere are cases in the compensate functions of the driver that\nthere could be overflows of variables due to bit shifting ops.\nThese implications were initially discussed here [1] and they\nwere mentioned in log message of Commit 1b3bd8592780 (\"iio:\nchemical: Add support for Bosch BME680 sensor\").\n[1]: https://lore.kernel.org/linux-iio/20180728114028.3c1bbe81@archlinux/", "A flaw was found in`iio: chemical: bme680` in the Linux kernel's driver for Bosch BME680 sensors. This issue occurs due to potential overflows in the `compensate()` functions caused by improper bit-shifting operations. These overflows could lead to incorrect sensor data or system instability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-42086", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42086\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42086\nhttps://lore.kernel.org/linux-cve-announce/2024072944-CVE-2024-42086-18b8@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 4.19.317, kernel 5.4.279, kernel 5.10.221, kernel 5.15.162, kernel 6.1.97, kernel 6.6.37, kernel 6.9.8, kernel 6.10"}