U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2024-56739 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: rtc: check if __rtc_read_time was successful in rtc_timer_do_work() If the __rtc_read_time call fails,, the struct rtc_time tm; may contain uninitialized data, or an illegal date/time read from the RTC hardware. When calling rtc_tm_to_ktime later, the result may be a very large value (possibly KTIME_MAX). If there are periodic timers in rtc->timerqueue, they will continually expire, may causing kernel softlockup.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 3.x Severity and Vector Strings:

NIST CVSS score
NIST: NVD
Base Score:  5.5 MEDIUM
Vector:  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/0d68e8514d9040108ff7d1b37ca71096674b6efe Patch 
https://git.kernel.org/stable/c/246f621d363988e7040f4546d20203dc713fa3e1 Patch 
https://git.kernel.org/stable/c/39ad0a1ae17b54509cd9e93dcd8cec16e7c12d3f Patch 
https://git.kernel.org/stable/c/44b3257ff705d63d5f00ef8ed314a0eeb7ec37f2 Patch 
https://git.kernel.org/stable/c/a1f0b4af90cc18b10261ecde56c6a56b22c75bd1 Patch 
https://git.kernel.org/stable/c/dd4b1cbcc916fad5d10c2662b62def9f05e453d4 Patch 
https://git.kernel.org/stable/c/e77bce0a8c3989b4173c36f4195122bca8f4a3e1 Patch 
https://git.kernel.org/stable/c/e8ba8a2bc4f60a1065f23d6a0e7cbea945a0f40d Patch 
https://git.kernel.org/stable/c/fde56535505dde3336df438e949ef4742b6d6d6e Patch 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-908 Use of Uninitialized Resource cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

Configuration 1 ( hide )
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
   Show Matching CPE(s)
From (including)
2.6.38
Up to (excluding)
4.19.325
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
   Show Matching CPE(s)
From (including)
4.20
Up to (excluding)
5.4.287
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
   Show Matching CPE(s)
From (including)
5.5
Up to (excluding)
5.10.231
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
   Show Matching CPE(s)
From (including)
5.11
Up to (excluding)
5.15.174
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
   Show Matching CPE(s)
From (including)
5.16
Up to (excluding)
6.1.120
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
   Show Matching CPE(s)
From (including)
6.2
Up to (excluding)
6.6.64
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
   Show Matching CPE(s)
From (including)
6.7
Up to (excluding)
6.11.11
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
   Show Matching CPE(s)
From (including)
6.12
Up to (excluding)
6.12.2

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

2 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-56739
NVD Published Date:
12/29/2024
NVD Last Modified:
01/07/2025
Source:
kernel.org