Integer Underflow Affecting kernel-livepatch-4.14.355-271.569 package, versions <0:1.0-0.amzn2
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-AMZN2-KERNELLIVEPATCH414355271569-8382891
- published 16 Nov 2024
- disclosed 18 Sep 2024
Introduced: 18 Sep 2024
CVE-2024-46756 Open this link in a new tabHow to fix?
Upgrade Amazon-Linux:2 kernel-livepatch-4.14.355-271.569 to version 0:1.0-0.amzn2 or higher.
This issue was patched in ALAS2-2024-2696.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-livepatch-4.14.355-271.569 package and not the kernel-livepatch-4.14.355-271.569 package as distributed by Amazon-Linux.
See How to fix? for Amazon-Linux:2 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (w83627ehf) Fix underflows seen when writing limit attributes
DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46756
- https://git.kernel.org/stable/c/26825b62bd1bd3e53b4f44e0745cb516d5186343
- https://git.kernel.org/stable/c/56cfdeb2c77291f0b5e4592731adfb6ca8fc7c24
- https://git.kernel.org/stable/c/5c1de37969b7bc0abcb20b86e91e70caebbd4f89
- https://git.kernel.org/stable/c/77ab0fd231c4ca873ec6908e761970360acc6df2
- https://git.kernel.org/stable/c/8fecb75bff1b7d87a071c32a37aa0700f2be379d
- https://git.kernel.org/stable/c/93cf73a7bfdce683bde3a7bb65f270d3bd24497b
- https://git.kernel.org/stable/c/cc4be794c8d8c253770103e097ab9dbdb5f99ae1
- https://git.kernel.org/stable/c/d92f0baf99a7e327dcceab37cce57c38aab1f691