CVE-2024-24861 - Vulnerability Details - OpenCVE

A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:3.1:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc1::::::

No data.

References

Link	Providers
https://bugzilla.openanolis.cn/show_bug.cgi?id=8150
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

History

Thu, 13 Feb 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 13 Feb 2025 17:45:00 +0000

Type	Values Removed	Values Added
Description	A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.	A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.

MITRE

Status: PUBLISHED

Assigner: Anolis

Published: 2024-02-05T07:26:43.824Z

Updated: 2025-02-13T17:40:35.162Z

Reserved: 2024-02-01T09:11:56.214Z

Link: CVE-2024-24861

Vulnrichment

Updated: 2024-08-01T23:28:12.999Z

NVD

Status : Modified

Published: 2024-02-05T08:15:45.253

Modified: 2025-02-13T18:17:11.437

Link: CVE-2024-24861

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-24861", "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "state": "PUBLISHED", "assignerShortName": "Anolis", "dateReserved": "2024-02-01T09:11:56.214Z", "datePublished": "2024-02-05T07:26:43.824Z", "dateUpdated": "2025-02-13T17:40:35.162Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://kernel.org/", "defaultStatus": "unaffected", "modules": ["media", "xc4000"], "packageName": "kernel", "platforms": ["Linux", "x86", "ARM"], "product": "Linux kernel", "programFiles": ["https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/drivers/media/tuners/xc4000.c"], "repo": "https://gitee.com/anolis/cloud-kernel.git", "vendor": "Linux", "versions": [{"lessThan": "v6.8-rc1", "status": "affected", "version": "v3.1-rc1", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "\u767d\u5bb6\u9a79 <baijiaju@buaa.edu.cn>"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "\u97e9\u6842\u680b <hanguidong@buaa.edu.cn>"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.</p>"}], "value": "A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue."}], "impacts": [{"capecId": "CAPEC-26", "descriptions": [{"lang": "en", "value": "CAPEC-26 Leveraging Race Conditions"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis", "dateUpdated": "2024-06-27T12:12:24.933Z"}, "references": [{"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8150"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://lore.kernel.org/lkml/20231222055030.5237-1-2045gemini@gmail.com/\">https://lore.kernel.org/lkml/20231222055030.5237-1-2045gemini@gmail.com/</a><br>"}], "value": "https://lore.kernel.org/lkml/20231222055030.5237-1-2045gemini@gmail.com/ https://lore.kernel.org/lkml/20231222055030.5237-1-2045gemini@gmail.com/"}], "source": {"discovery": "UNKNOWN"}, "title": "Race condition vulnerability in Linux kernel media/xc4000 xc4000_get_frequency()", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-24861", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-22T18:11:41.377364Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:43:39.200Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:28:12.999Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8150", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8150", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:28:12.999Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-24861", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-22T18:11:41.377364Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:13.015Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Race condition vulnerability in Linux kernel media/xc4000 xc4000_get_frequency()", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "\u767d\u5bb6\u9a79 <baijiaju@buaa.edu.cn>"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "\u97e9\u6842\u680b <hanguidong@buaa.edu.cn>"}], "impacts": [{"capecId": "CAPEC-26", "descriptions": [{"lang": "en", "value": "CAPEC-26 Leveraging Race Conditions"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://gitee.com/anolis/cloud-kernel.git", "vendor": "Linux", "modules": ["media", "xc4000"], "product": "Linux kernel", "versions": [{"status": "affected", "version": "v3.1-rc1", "lessThan": "v6.8-rc1", "versionType": "custom"}], "platforms": ["Linux", "x86", "ARM"], "packageName": "kernel", "programFiles": ["https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/drivers/media/tuners/xc4000.c"], "collectionURL": "https://kernel.org/", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "https://lore.kernel.org/lkml/20231222055030.5237-1-2045gemini@gmail.com/ https://lore.kernel.org/lkml/20231222055030.5237-1-2045gemini@gmail.com/", "supportingMedia": [{"type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://lore.kernel.org/lkml/20231222055030.5237-1-2045gemini@gmail.com/\">https://lore.kernel.org/lkml/20231222055030.5237-1-2045gemini@gmail.com/</a><br>", "base64": false}]}], "references": [{"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8150"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.", "supportingMedia": [{"type": "text/html", "value": "<p>A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "providerMetadata": {"orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis", "dateUpdated": "2024-06-27T12:12:24.933Z"}}}, "cveMetadata": {"cveId": "CVE-2024-24861", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:40:35.162Z", "dateReserved": "2024-02-01T09:11:56.214Z", "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "datePublished": "2024-02-05T07:26:43.824Z", "assignerShortName": "Anolis"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD9494B1-7BF5-4868-9977-EFFACD7CC931", "versionEndIncluding": "3.0.101", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "531D8406-3925-4647-9961-38BC93A02F16", "versionEndIncluding": "6.7.2", "versionStartIncluding": "6.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "13BBD2A3-AE10-48B9-8776-4FB1CAC37D44", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue."}, {"lang": "es", "value": "Se encontr\u00f3 una condici\u00f3n de ejecuci\u00f3n en el controlador de dispositivo media/xc4000 del kernel de Linux en la funci\u00f3n xc4000 xc4000_get_frequency(). Esto puede provocar un problema de desbordamiento del valor de retorno, lo que posiblemente provoque un mal funcionamiento o un problema de denegaci\u00f3n de servicio."}], "id": "CVE-2024-24861", "lastModified": "2025-02-13T18:17:11.437", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 2.5, "source": "security@openanolis.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-05T08:15:45.253", "references": [{"source": "security@openanolis.org", "tags": ["Permissions Required"], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8150"}, {"source": "security@openanolis.org", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"source": "security@openanolis.org", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8150"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "sourceIdentifier": "security@openanolis.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "security@openanolis.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}