CVE-2024-47663 - Vulnerability Details

- staging: iio: frequency: ad9834: Validate frequency parameter value

Description

In the Linux kernel, the following vulnerability has been resolved:

staging: iio: frequency: ad9834: Validate frequency parameter value

In ad9834_write_frequency() clk_get_rate() can return 0. In such case
ad9834_calc_freqreg() call will lead to division by zero. Checking
'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0.
ad9834_write_frequency() is called from ad9834_write(), where fout is
taken from text buffer, which can contain any value.

Modify parameters checking.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Published: 2024-10-09

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`12b9d5bf76bfa20d3207ef24fca9c8254a586a58`	affected	< 5edc3a45ef428501000a7b23d0e1777a548907f6
`12b9d5bf76bfa20d3207ef24fca9c8254a586a58`	affected	< 0e727707a239d5c519fc9abc2f0fd913516a7e47
`12b9d5bf76bfa20d3207ef24fca9c8254a586a58`	affected	< 41cc91e3138fe52f8da92a81bebcd0e6cf488c53
`12b9d5bf76bfa20d3207ef24fca9c8254a586a58`	affected	< d8b09a5edc4a634373158c1a405491de3c52e58a
`12b9d5bf76bfa20d3207ef24fca9c8254a586a58`	affected	< 3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e
`12b9d5bf76bfa20d3207ef24fca9c8254a586a58`	affected	< dc12e49f970b08d8b007b8981b97e2eb93c0e89d
`12b9d5bf76bfa20d3207ef24fca9c8254a586a58`	affected	< 8961b245e8f92bccbaacfbbdf69eba60e3e7c227
`12b9d5bf76bfa20d3207ef24fca9c8254a586a58`	affected	< b48aa991758999d4e8f9296c5bbe388f293ef465

Linux

affected

Version	Status	Constraints
`2.6.38`	affected	—
`0`	unaffected	< 2.6.38
`4.19.323`	unaffected	≤ 4.19.*
`5.4.284`	unaffected	≤ 5.4.*
`5.10.226`	unaffected	≤ 5.10.*
`5.15.167`	unaffected	≤ 5.15.*
`6.1.110`	unaffected	≤ 6.1.*
`6.6.51`	unaffected	≤ 6.6.*
`6.10.10`	unaffected	≤ 6.10.*
`6.11`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc6::::::

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4008-1	linux-6.1 security update
Ubuntu USN	USN-7088-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7088-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7088-3	Linux kernel vulnerabilities
Ubuntu USN	USN-7088-4	Linux kernel vulnerabilities
Ubuntu USN	USN-7088-5	Linux kernel vulnerabilities
Ubuntu USN	USN-7100-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7100-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7119-1	Linux kernel (IoT) vulnerabilities
Ubuntu USN	USN-7123-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7144-1	Linux kernel (Intel IoTG) vulnerabilities
Ubuntu USN	USN-7154-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7155-1	Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN	USN-7156-1	Linux kernel (GKE) vulnerabilities
Ubuntu USN	USN-7154-2	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-7194-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7196-1	Linux kernel (Azure) vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00014.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47
https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e
https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53
https://git.kernel.org/stable/c/5edc3a45ef428501000a7b23d0e1777a548907f6
https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227
https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465
https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a
https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47663-9bdc@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-47663
https://www.cve.org/CVERecord?id=CVE-2024-47663

History

Mon, 03 Nov 2025 23:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Fri, 08 Nov 2024 16:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/5edc3a45ef428501000a7b23d0e1777a548907f6

Wed, 23 Oct 2024 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-369
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.11:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc6::::::
Vendors & Products		Linux Linux linux Kernel

Sat, 12 Oct 2024 01:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47663-9bdc@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-47663 https://www.cve.org/CVERecord?id=CVE-2024-47663
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Thu, 10 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 09 Oct 2024 14:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: staging: iio: frequency: ad9834: Validate frequency parameter value In ad9834_write_frequency() clk_get_rate() can return 0. In such case ad9834_calc_freqreg() call will lead to division by zero. Checking 'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0. ad9834_write_frequency() is called from ad9834_write(), where fout is taken from text buffer, which can contain any value. Modify parameters checking. Found by Linux Verification Center (linuxtesting.org) with SVACE.
Title		staging: iio: frequency: ad9834: Validate frequency parameter value
References		https://git.kernel.org/stable/c/0e727707a239d5c519fc9abc2f0fd913516a7e47 https://git.kernel.org/stable/c/3ba9abfcaa9e16bb91ed7e0e2b42e94a157a953e https://git.kernel.org/stable/c/41cc91e3138fe52f8da92a81bebcd0e6cf488c53 https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227 https://git.kernel.org/stable/c/b48aa991758999d4e8f9296c5bbe388f293ef465 https://git.kernel.org/stable/c/d8b09a5edc4a634373158c1a405491de3c52e58a https://git.kernel.org/stable/c/dc12e49f970b08d8b007b8981b97e2eb93c0e89d

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-10-09T14:13:56.514Z

Updated: 2025-11-03T22:20:26.126Z

Reserved: 2024-09-30T16:00:12.935Z

Link: CVE-2024-47663

Vulnrichment

Updated: 2024-10-10T13:22:32.239Z

NVD

Status : Modified

Published: 2024-10-09T15:15:15.150

Modified: 2025-11-03T23:16:14.070

Link: CVE-2024-47663

Redhat

Severity : Moderate

Publid Date: 2024-10-09T00:00:00Z

Links: CVE-2024-47663 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-369

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object