CVE-2024-27006

{"id": "CVE-2024-27006", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-05-01T06:15:19.053", "references": [{"url": "https://git.kernel.org/stable/c/9c8215d32e730b597c809a9d2090bf8ec1b79fcf", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b552f63cd43735048bbe9bfbb7a9dcfce166fbdd", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9c8215d32e730b597c809a9d2090bf8ec1b79fcf", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/b552f63cd43735048bbe9bfbb7a9dcfce166fbdd", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up()\n\nThe count field in struct trip_stats, representing the number of times\nthe zone temperature was above the trip point, needs to be incremented\nin thermal_debug_tz_trip_up(), for two reasons.\n\nFirst, if a trip point is crossed on the way up for the first time,\nthermal_debug_update_temp() called from update_temperature() does\nnot see it because it has not been added to trips_crossed[] array\nin the thermal zone's struct tz_debugfs object yet. Therefore, when\nthermal_debug_tz_trip_up() is called after that, the trip point's\ncount value is 0, and the attempt to divide by it during the average\ntemperature computation leads to a divide error which causes the kernel\nto crash. Setting the count to 1 before the division by incrementing it\nfixes this problem.\n\nSecond, if a trip point is crossed on the way up, but it has been\ncrossed on the way up already before, its count value needs to be\nincremented to make a record of the fact that the zone temperature is\nabove the trip now. Without doing that, if the mitigations applied\nafter crossing the trip cause the zone temperature to drop below its\nthreshold, the count will not be updated for this episode at all and\nthe average temperature in the trip statistics record will be somewhat\nhigher than it should be.\n\nCc :6.8+ <stable@vger.kernel.org> # 6.8+"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Thermal/debugfs: agregue el incremento de conteo faltante a Thermal_debug_tz_trip_up() El campo de conteo en la estructura trip_stats, que representa la cantidad de veces que la temperatura de la zona estuvo por encima del punto de disparo, debe incrementarse en Thermal_debug_tz_trip_up(), por dos razones. Primero, si se cruza un punto de viaje en el camino hacia arriba por primera vez, Thermal_debug_update_temp() llamado desde update_temperature() no lo ve porque a\u00fan no se ha agregado a la matriz trips_crossed[] en el objeto struct tz_debugfs de la zona t\u00e9rmica. Por lo tanto, cuando se llama a Thermal_debug_tz_trip_up() despu\u00e9s de eso, el valor de conteo del punto de disparo es 0, y el intento de dividirlo durante el c\u00e1lculo de la temperatura promedio conduce a un error de divisi\u00f3n que provoca que el kernel falle. Establecer el conteo en 1 antes de la divisi\u00f3n increment\u00e1ndolo soluciona este problema. En segundo lugar, si se cruza un punto de viaje en el camino hacia arriba, pero ya se ha cruzado en el camino hacia arriba, es necesario incrementar su valor de conteo para registrar el hecho de que la temperatura de la zona est\u00e1 por encima del viaje en este momento. Sin hacer eso, si las mitigaciones aplicadas despu\u00e9s de cruzar el viaje hacen que la temperatura de la zona caiga por debajo de su umbral, el conteo no se actualizar\u00e1 para este episodio en absoluto y la temperatura promedio en el registro de estad\u00edsticas del viaje ser\u00e1 algo mayor de lo que deber\u00eda ser. . CC :6.8+ # 6.8+"}], "lastModified": "2025-11-04T18:16:10.120", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6B3F478-AAC3-4675-897F-870080589B51", "versionEndExcluding": "6.8.8", "versionStartIncluding": "6.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A06B2CCF-3F43-4FA9-8773-C83C3F5764B2"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}