CVE-2024-26730 in Linux

Summary

by MITRE • 04/03/2024

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (nct6775) Fix access to temperature configuration registers

The number of temperature configuration registers does not always match the total number of temperature registers. This can result in access errors reported if KASAN is enabled.

BUG: KASAN: global-out-of-bounds in nct6775_probe+0x5654/0x6fe9 nct6775_core


Analysis

by VulDB Data Team • 08/03/2025

The vulnerability CVE-2024-26730 represents a critical memory access issue within the Linux kernel's hardware monitoring subsystem, specifically affecting the nct6775 driver used for temperature sensor management. This flaw manifests as a global out-of-bounds memory access error that occurs during the probe phase of the hardware monitoring driver initialization. The issue stems from a fundamental mismatch between the expected number of temperature configuration registers and the actual number of temperature registers available in the hardware monitoring chip, creating a scenario where the kernel attempts to access memory locations beyond the allocated boundaries.

The technical root cause of this vulnerability lies in the improper handling of register mapping within the nct6775 hardware monitoring driver implementation. When KASAN (Kernel Address Sanitizer) is enabled, the system detects and reports the out-of-bounds memory access that occurs while the nct6775_probe function executes. This function initializes the hardware monitoring device and establishes the register mappings. Because the number of configuration registers differs from the number of temperature registers, the driver's memory accesses exceed the legitimate memory boundaries, leading to potential system instability and security implications. The error manifests at offset 0x5654 within the nct6775_probe function, the location where the driver attempts to access memory beyond its allocated space.

The operational impact of this vulnerability extends beyond simple system crashes or hangs, as it represents a potential attack vector that could be exploited to gain unauthorized access to kernel memory spaces. When KASAN is enabled, which is common in security-sensitive environments and development systems, the vulnerability triggers immediate detection and reporting of the memory access violation. This could lead to system panic conditions or more subtle memory corruption that might persist undetected. The vulnerability affects systems using nct6775 hardware monitoring chips, which are commonly found in server motherboards and high-end consumer systems where precise temperature monitoring is critical. The mismatch in register counting could potentially allow attackers to craft specific memory access patterns that might bypass normal security mechanisms or cause denial of service conditions.

Mitigation strategies for this vulnerability should focus on implementing proper bounds checking and register validation within the nct6775 driver code. System administrators should ensure that kernel updates containing the fix are applied immediately, as this vulnerability affects the core kernel functionality. The fix typically involves correcting the register mapping logic to accurately account for the number of configuration registers versus temperature registers, preventing the out-of-bounds access that triggers KASAN reporting. Organizations should also consider implementing monitoring solutions that can detect KASAN violations in production environments, as these errors may indicate more serious underlying security issues. The vulnerability aligns with CWE-129, which addresses improper validation of array indices, and could potentially be leveraged as part of broader exploitation chains targeting kernel memory management subsystems. This issue demonstrates the importance of rigorous testing and validation of hardware driver implementations, particularly those handling critical system monitoring functions.
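The bounds check described above, modelled in user-space C as an added example. It is not the nct6775 driver's code: the register tables, the struct and the function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
#define NUM_TEMP 6

/* Constructed tables (placeholder addresses): six temperature registers,
 * but only four temperature configuration registers. */
const uint16_t reg_temp[] = { 0x27, 0x150, 0x250, 0x62b, 0x62c, 0x62d };
const uint16_t reg_temp_config[] = { 0x18, 0x152, 0x252, 0x628 };

struct sensor_map {
	uint16_t temp[NUM_TEMP];
	uint16_t config[NUM_TEMP];	/* 0 means no configuration register */
};
struct sensor_map demo_map;

/* Flawed pattern, never called here: one count n is trusted for both tables.
 * With n = ARRAY_SIZE(reg_temp), config[4] and config[5] are read past the
 * end of the global table, which KASAN reports as global-out-of-bounds. */
void map_unchecked(struct sensor_map *m, const uint16_t *temp,
		   const uint16_t *config, size_t n)
{
	for (size_t i = 0; i < n; i++) {
		m->temp[i] = temp[i];
		m->config[i] = config[i];
	}
}

/* Hardened pattern: each table carries its own length and every index is
 * checked first. Returns how many sensors got a configuration register. */
size_t map_checked(struct sensor_map *m, const uint16_t *temp, size_t num_temp,
		   const uint16_t *config, size_t num_config)
{
	size_t with_config = 0;
	for (size_t i = 0; i < num_temp && i < NUM_TEMP; i++) {
		m->temp[i] = temp[i];
		m->config[i] = i < num_config ? config[i] : 0;
		with_config += i < num_config;
	}
	return with_config;
}

int main(void)
{
	size_t n = map_checked(&demo_map, reg_temp, ARRAY_SIZE(reg_temp),
			       reg_temp_config, ARRAY_SIZE(reg_temp_config));
	printf("%zu of %d sensors have a config register\n", n, NUM_TEMP);
	return 0;
}
```

Sensors beyond the end of the configuration table keep a zero entry instead of whatever happens to follow the table in memory.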

Reservation

02/19/2024

Disclosure

04/03/2024

Moderation

accepted

CPE

ready

EPSS

0.00245

KEV

no

Activities

very low
