CVE-2024-46759
📋 TL;DR
This CVE-2024-46759 is an integer underflow vulnerability in the Linux kernel's adc128d818 hardware monitoring driver. When users write large negative values to limit attributes, improper calculation order causes underflows that could lead to kernel memory corruption. This affects Linux systems using the adc128d818 driver for hardware monitoring.
💻 Affected Systems
- Linux kernel with adc128d818 driver enabled
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, system crash, or potential privilege escalation if the underflow leads to memory corruption that can be leveraged for further exploitation.
Likely Case
System instability, kernel crashes, or denial of service when malicious values are written to the driver's sysfs interface.
If Mitigated
Limited impact if proper access controls prevent unauthorized users from writing to sysfs attributes.
🎯 Exploit Status
Exploitation requires local access and ability to write to sysfs files. Simple to trigger but limited in impact without additional vulnerabilities.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 019ef2d396363ecddc46e826153a842f8603799b, 05419d0056dcf7088687e561bb583cc06deba777, 2a3add62f183459a057336381ef3a896da01ce38, 6891b11a0c6227ca7ed15786928a07b1c0e4d4af, 7645d783df23878342d5d8d22030c3861d2d5426
Vendor Advisory: https://git.kernel.org/stable/c/019ef2d396363ecddc46e826153a842f8603799b
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Restrict sysfs access
linuxLimit write access to hwmon sysfs attributes to prevent exploitation
chmod 444 /sys/class/hwmon/hwmon*/temp*_max
chmod 444 /sys/class/hwmon/hwmon*/temp*_min
chmod 444 /sys/class/hwmon/hwmon*/in*_max
chmod 444 /sys/class/hwmon/hwmon*/in*_min
Unload vulnerable driver
linuxRemove the adc128d818 module if hardware monitoring is not required
rmmod adc128d818
🧯 If You Can't Patch
- Implement strict access controls on /sys/class/hwmon/ directories
- Monitor system logs for kernel crashes or hardware monitoring errors
🔍 How to Verify
Check if Vulnerable:
Check if adc128d818 module is loaded: lsmod | grep adc128d818 AND check kernel version against patched versionsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits: grep -q '019ef2d396363ecddc46e826153a842f8603799b\|05419d0056dcf7088687e561bb583cc06deba777' /proc/version_signature📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- Hardware monitoring errors in dmesg
- System crash logs
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("adc128d818" OR "hwmon" OR "underflow")🔗 References
- https://git.kernel.org/stable/c/019ef2d396363ecddc46e826153a842f8603799b
- https://git.kernel.org/stable/c/05419d0056dcf7088687e561bb583cc06deba777
- https://git.kernel.org/stable/c/2a3add62f183459a057336381ef3a896da01ce38
- https://git.kernel.org/stable/c/6891b11a0c6227ca7ed15786928a07b1c0e4d4af
- https://git.kernel.org/stable/c/7645d783df23878342d5d8d22030c3861d2d5426
- https://git.kernel.org/stable/c/8cad724c8537fe3e0da8004646abc00290adae40
- https://git.kernel.org/stable/c/b0bdb43852bf7f55ba02f0cbf00b4ea7ca897bff
- https://git.kernel.org/stable/c/f7f5101af5b47a331cdbfa42ba64c507b47dd1fe
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
