{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47664", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-09-30T16:00:12.936Z", "datePublished": "2024-10-09T14:13:57.337Z", "dateUpdated": "2024-11-05T09:48:21.295Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:48:21.295Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware\n\nIf the value of max_speed_hz is 0, it may cause a division by zero\nerror in hisi_calc_effective_speed().\nThe value of max_speed_hz is provided by firmware.\nFirmware is generally considered as a trusted domain. However, as\ndivision by zero errors can cause system failure, for defense measure,\nthe value of max_speed is validated here. So 0 is regarded as invalid\nand an error code is returned."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/spi/spi-hisi-kunpeng.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "16ccaf581da4", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "ee73a15d4a8c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "5127c42c77de", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/spi/spi-hisi-kunpeng.c"], "versions": [{"version": "6.6.51", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.10", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/16ccaf581da4fcf1e4d66086cf37263f9a656d43"}, {"url": "https://git.kernel.org/stable/c/ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc"}, {"url": "https://git.kernel.org/stable/c/5127c42c77de18651aa9e8e0a3ced190103b449c"}], "title": "spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-10T13:22:13.073715Z", "id": "CVE-2024-47664", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T13:22:27.116Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "16ccaf581da4", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "ee73a15d4a8c", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "5127c42c77de", "versionType": "git"}], "programFiles": ["drivers/spi/spi-hisi-kunpeng.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "6.6.51", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.10", "versionType": "custom", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/spi/spi-hisi-kunpeng.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/16ccaf581da4fcf1e4d66086cf37263f9a656d43"}, {"url": "https://git.kernel.org/stable/c/ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc"}, {"url": "https://git.kernel.org/stable/c/5127c42c77de18651aa9e8e0a3ced190103b449c"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware\n\nIf the value of max_speed_hz is 0, it may cause a division by zero\nerror in hisi_calc_effective_speed().\nThe value of max_speed_hz is provided by firmware.\nFirmware is generally considered as a trusted domain. However, as\ndivision by zero errors can cause system failure, for defense measure,\nthe value of max_speed is validated here. So 0 is regarded as invalid\nand an error code is returned."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-10-09T14:13:57.337Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47664", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-10T13:22:13.073715Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-10-10T13:22:16.913Z"}}]}, "cveMetadata": {"cveId": "CVE-2024-47664", "state": "PUBLISHED", "dateUpdated": "2024-10-09T14:13:57.337Z", "dateReserved": "2024-09-30T16:00:12.936Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-10-09T14:13:57.337Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4954ED0-8229-4D57-B4B3-CB5154734977", "versionEndExcluding": "6.6.51", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED", "versionEndExcluding": "6.10.10", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware\n\nIf the value of max_speed_hz is 0, it may cause a division by zero\nerror in hisi_calc_effective_speed().\nThe value of max_speed_hz is provided by firmware.\nFirmware is generally considered as a trusted domain. However, as\ndivision by zero errors can cause system failure, for defense measure,\nthe value of max_speed is validated here. So 0 is regarded as invalid\nand an error code is returned."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: hisi-kunpeng: Agregar verificaci\u00f3n para max_frequency proporcionada por el firmware Si el valor de max_speed_hz es 0, puede causar un error de divisi\u00f3n por cero en hisi_calc_effective_speed(). El valor de max_speed_hz lo proporciona el firmware. El firmware generalmente se considera un dominio confiable. Sin embargo, como los errores de divisi\u00f3n por cero pueden causar fallas del sistema, como medida de defensa, el valor de max_speed se valida aqu\u00ed. Entonces, 0 se considera inv\u00e1lido y se devuelve un c\u00f3digo de error."}], "id": "CVE-2024-47664", "lastModified": "2024-10-23T16:47:35.643", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-09T15:15:15.223", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/16ccaf581da4fcf1e4d66086cf37263f9a656d43"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5127c42c77de18651aa9e8e0a3ced190103b449c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-369"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware", "id": "2317761", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317761"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nspi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware\nIf the value of max_speed_hz is 0, it may cause a division by zero\nerror in hisi_calc_effective_speed().\nThe value of max_speed_hz is provided by firmware.\nFirmware is generally considered as a trusted domain. However, as\ndivision by zero errors can cause system failure, for defense measure,\nthe value of max_speed is validated here. So 0 is regarded as invalid\nand an error code is returned."], "name": "CVE-2024-47664", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-47664\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-47664\nhttps://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47664-f6bd@gregkh/T"], "threat_severity": "Low"}