CVE-2024-26966: Improper Validation of Array Index in Linux

Severity
NVD: 5.5 MEDIUM
OSV: 7.0
EPSS: 0.0% (top 99.43%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: May 1
Latest update: Jun 9

Description

In the Linux kernel, the following vulnerability has been resolved:

clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays

The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible out-of-bound access when the table is traversed by functions like qcom_find_freq() or qcom_find_freq_floor().

Only compile tested.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (13 packages)

NVD: linux/linux_kernel 3.17 - 4.19.312 (+7)
Debian: linux/linux_kernel < 5.10.216-1 (+3)
Ubuntu: linux/linux_kernel < 5.4.0-189.209 (+4)
CVEListV5: linux/linux 2b46cd23a5a2cf0b8d3583338b63409f5e78e7cd - 5533686e99b04994d7c4877dc0e4282adc9444a2 (+9)
debian: debian/linux < linux 6.1.85-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Vulnerability Details (29)

OSV: linux-azure, linux-azure-4.15 vulnerabilities (2025-06-09)
OSV: linux-azure-fips vulnerabilities (2025-06-09)
OSV: linux-azure vulnerabilities (2025-06-09)
OSV: linux-fips vulnerabilities (2025-06-06)
OSV: linux-aws, linux-lts-xenial vulnerabilities (2025-06-04)

Vendor Advisories (30)

Ubuntu: Linux kernel (Azure) vulnerabilities (2025-06-09)
Ubuntu: Linux kernel (Azure FIPS) vulnerabilities (2025-06-09)
Ubuntu: Linux kernel (Azure) vulnerabilities (2025-06-09)
Ubuntu: Linux kernel (FIPS) vulnerabilities (2025-06-06)
Ubuntu: Linux kernel (FIPS) vulnerabilities (2025-06-04)

Community (1)

Bugzilla: CVE-2024-26966 kernel: clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays (2024-05-01)
CVE-2024-26966 — Improper Validation of Array Index | cvebase