CVE-2024-58069 in Linux
Summary
by MITRE • 03/06/2025
In the Linux kernel, the following vulnerability has been resolved:
rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
The nvmem interface supports variable buffer sizes, while the regmap interface operates with fixed-size storage. If an nvmem client uses a buffer size less than 4 bytes, regmap_read will write out of bounds as it expects the buffer to point at an unsigned int.
Fix this by using an intermediary unsigned int to hold the value.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 02/16/2026
The vulnerability CVE-2024-58069 represents a critical out-of-bounds write condition affecting the Linux kernel's real-time clock driver for the PCF85063 chip. This issue arises from a fundamental mismatch between the nvmem interface's flexible buffer handling and the regmap interface's assumption of fixed-size storage operations. The nvmem subsystem is designed to accommodate variable buffer sizes to support diverse hardware requirements, while regmap operates under the expectation that memory operations will utilize fixed-size data structures. When an nvmem client attempts to read data using a buffer smaller than four bytes, the regmap_read function executes an out-of-bounds write operation because it assumes the buffer pointer references an unsigned integer structure. This discrepancy creates a scenario where memory adjacent to the intended buffer location receives writes, potentially corrupting adjacent data structures or enabling privilege escalation attacks. The vulnerability specifically impacts systems utilizing the PCF85063 real-time clock chip through the Linux kernel's device driver framework, where the interaction between these two distinct memory management interfaces creates the exploitable condition.
The technical flaw manifests in the improper handling of buffer boundaries during memory read operations within the kernel's device driver subsystem. When an nvmem client requests data from the PCF85063 RTC chip, the system must translate between the flexible nvmem interface and the fixed-size regmap interface. The regmap_read function, which is part of the kernel's regmap subsystem, expects to write data into a buffer that it treats as an unsigned integer. This expectation becomes problematic when the buffer provided by the nvmem client is smaller than the expected size, typically four bytes for a 32-bit integer. The function proceeds to write beyond the allocated buffer boundaries, potentially overwriting adjacent memory locations. This type of vulnerability falls under the CWE-787 Out-of-bounds Write classification, which specifically addresses situations where programs write data past the end of allocated buffers. The issue represents a classic buffer overflow scenario that can be exploited to corrupt memory, potentially leading to system instability or arbitrary code execution.
The operational impact of CVE-2024-58069 extends beyond simple memory corruption, creating potential security risks for embedded systems and devices utilizing the PCF85063 RTC chip. Systems that rely on real-time clock functionality for timekeeping, logging, or synchronization purposes become vulnerable to attacks that could manipulate system time or cause denial of service conditions. The vulnerability affects any Linux kernel version that includes the problematic code path in the pcf85063 driver, particularly impacting embedded devices, industrial control systems, and IoT deployments where real-time clock accuracy is critical. Attackers could potentially exploit this condition to corrupt kernel memory structures, leading to system crashes, privilege escalation, or data integrity issues. The vulnerability is particularly concerning in environments where the affected systems are not regularly updated or patched, as it provides a mechanism for attackers to manipulate time-sensitive operations or potentially gain elevated privileges through memory corruption. This aligns with ATT&CK technique T1059.001 Command and Scripting Interpreter: PowerShell for scenarios where attackers might leverage timing manipulation or memory corruption to establish persistence.
The fix for CVE-2024-58069 implements a straightforward yet effective solution by introducing an intermediary unsigned integer variable to handle the data transfer between the nvmem and regmap interfaces. This approach ensures that the regmap_read function always operates with the expected buffer size while properly handling the data conversion between the two interfaces. The solution involves reading the data into a temporary unsigned int variable first, then copying the appropriate number of bytes to the client-provided buffer based on its actual size. This prevents the out-of-bounds write condition by ensuring that the regmap_read function never attempts to write beyond the boundaries of the allocated buffer. The fix demonstrates a proper defensive programming practice that validates buffer sizes and ensures proper data handling between different kernel subsystems. This approach maintains backward compatibility while resolving the immediate security concern and follows established kernel development practices for handling interface mismatches. The solution represents a targeted patch that addresses the root cause without introducing significant performance overhead or disrupting existing functionality. The fix has been integrated into the mainline Linux kernel and is available in subsequent releases, requiring system administrators to update their kernel versions to remediate the vulnerability.