Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2024-50195 | First vendor Publication | 2024-11-08 |
| Vendor | Cve | Last vendor Modification | 2024-11-29 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 5.5 | ||
| Base Score | 5.5 | Environmental Score | 5.5 |
| impact SubScore | 3.6 | Temporal Score | 5.5 |
| Exploitabality Sub Score | 1.8 | ||
| Attack Vector | Local | Attack Complexity | Low |
| Privileges Required | Low | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | None |
| Integrity Impact | None | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| In the Linux kernel, the following vulnerability has been resolved: posix-clock: Fix missing timespec64 check in pc_clock_settime() As Andrew pointed out, it will make sense that the PTP core checked timespec64 struct's tv_sec and tv_nsec range before calling ptp->info->settime64(). As the man manual of clock_settime() said, if tp.tv_sec is negative or tp.tv_nsec is outside the range [0..999,999,999], it should return EINVAL, which include dynamic clocks which handles PTP clock, and the condition is consistent with timespec64_valid(). As Thomas suggested, timespec64_valid() only check the timespec is valid, but not ensure that the time is in a valid range, so check it ahead using timespec64_valid_strict() in pc_clock_settime() and return -EINVAL if not valid. There are some drivers that use tp->tv_sec and tp->tv_nsec directly to write registers without validity checks and assume that the higher layer has checked it, which is dangerous and will benefit from this, such as hclge_ptp_settime(), igb_ptp_settime_i210(), _rcar_gen4_ptp_settime(), and some drivers can remove the checks of itself. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50195 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-754 | Improper Check for Unusual or Exceptional Conditions |
CPE : Common Platform Enumeration
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2025-06-26 02:36:57 |
|
| 2025-06-25 12:35:22 |
|
| 2025-06-24 02:41:38 |
|
| 2025-05-27 02:46:42 |
|
| 2025-03-29 03:42:50 |
|
| 2025-03-28 13:46:35 |
|
| 2025-03-28 03:20:33 |
|
| 2025-03-19 03:15:46 |
|
| 2025-03-18 03:28:44 |
|
| 2025-03-14 03:15:58 |
|
| 2025-03-06 14:12:31 |
|
| 2025-02-22 03:26:04 |
|
| 2025-01-08 03:06:58 |
|
| 2025-01-07 03:06:31 |
|
| 2024-12-25 03:05:09 |
|
| 2024-12-12 03:08:04 |
|
| 2024-11-30 00:21:14 |
|
| 2024-11-09 03:01:55 |
|
| 2024-11-09 03:01:13 |
|
| 2024-11-08 21:27:29 |
|
| 2024-11-08 13:27:35 |
|
