CVE-2024-47698

{"id": "CVE-2024-47698", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-10-21T12:15:06.423", "references": [{"url": "https://git.kernel.org/stable/c/15bea004e939d938a6771dfcf2a26cc899ffd20a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/49b33c38d202d3327dcfd058e27f541dcc308b92", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/527ab3eb3b0b4a6ee00e183c1de6a730239e2835", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/66dbe0df6eccc7ee53a2c35016ce81e13b3ff447", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6ae3b9aee42616ee93c4585174f40c767828006d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7065c05c6d58b9b9a98127aa14e9a5ec68173918", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8ae06f360cfaca2b88b98ca89144548b3186aab1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a879b6cdd48134a3d58949ea4f075c75fa2d7d71", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/bedd42e07988dbdd124b23e758ffef7a681b9c60", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error\n\nEnsure index in rtl2832_pid_filter does not exceed 31 to prevent\nout-of-bounds access.\n\ndev->filters is a 32-bit value, so set_bit and clear_bit functions should\nonly operate on indices from 0 to 31. If index is 32, it will attempt to\naccess a non-existent 33rd bit, leading to out-of-bounds access.\nChange the boundary check from index > 32 to index >= 32 to resolve this\nissue.\n\n[hverkuil: added fixes tag, rtl2830_pid_filter -> rtl2832_pid_filter in logmsg]"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drivers: media: dvb-frontends/rtl2832: corrige un error de escritura fuera de los l\u00edmites Aseg\u00farate de que el \u00edndice en rtl2832_pid_filter no supere 31 para evitar el acceso fuera de los l\u00edmites. dev->filters es un valor de 32 bits, por lo que las funciones set_bit y clear_bit solo deben funcionar en \u00edndices de 0 a 31. Si el \u00edndice es 32, intentar\u00e1 acceder a un bit 33 inexistente, lo que provocar\u00e1 un acceso fuera de los l\u00edmites. Cambia la comprobaci\u00f3n de l\u00edmites de \u00edndice > 32 a \u00edndice >= 32 para resolver este problema. [hverkuil: se agreg\u00f3 la etiqueta de correcciones, rtl2830_pid_filter -> rtl2832_pid_filter en logmsg]"}], "lastModified": "2025-11-03T23:16:17.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B048D614-44B2-4635-B88F-66392D68DE86", "versionEndExcluding": "5.10.227", "versionStartIncluding": "4.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C", "versionEndExcluding": "5.15.168", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE", "versionEndExcluding": "6.1.113", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D448821D-C085-4CAF-88FA-2DDE7BE21976", "versionEndExcluding": "6.6.54", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE94BB8D-B0AB-4563-9ED7-A12122B56EBE", "versionEndExcluding": "6.10.13", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB755D26-97F4-43B6-8604-CD076811E181", "versionEndExcluding": "6.11.2", "versionStartIncluding": "6.11"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}