SB20250117147 - Buffer overflow in Linux kernel power supply driver
Published: January 17, 2025 Updated: May 11, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2024-57792)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the set_charge_current_limit() function in drivers/power/supply/gpio-charger.c. A local user can trigger the memory corruption and perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/13eb3cae1d8e23cce96c095abe34da8028c09ac5
- https://git.kernel.org/stable/c/6abbbd8286b6f944eecf3c74444c138590135211
- https://git.kernel.org/stable/c/afc6e39e824ad0e44b2af50a97885caec8d213d1
- https://git.kernel.org/stable/c/b29c7783ac1fe36d639c089cf471ac7a46df05f0
- https://git.kernel.org/stable/c/c3703d9340ca2820e1ac63256f4b423ea8559831
- https://git.kernel.org/stable/c/f6279a98db132da0cfff18712a1b06478c32007f
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.8