CVE-2024-46759: hwmon: (adc128d818) Fix underflows seen when writing limit attributes
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (adc128d818) Fix underflows seen when writing limit attributes
DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large
negative number such as -9223372036854775808 is provided by the user.
Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.
Security readout for executives and security teams
Plain-English summary
CVE-2024-46759 is a Linux kernel bug in the adc128d818 hardware-monitoring driver. A specially large negative value written to certain limit attributes can trigger an arithmetic underflow. The sources show a kernel fix, but do not provide CVSS, proven impact, or active exploitation evidence.
Executive priority
Treat as routine kernel maintenance unless you operate systems with this sensor driver exposed to untrusted local users or appliance workloads. Prioritize through normal patch cycles, with faster action for multi-tenant Linux hosts, embedded devices, or regulated operational environments.
Technical view
The flaw is in hwmon adc128d818 limit attribute handling. After kstrtol(), DIV_ROUND_CLOSEST() could underflow for values such as the minimum signed long. The fix reorders clamp_val() before division. Affected Linux versions are listed from 3.15 through specific stable branches; fixed stable commits are referenced.
Likely exposure
Exposure appears limited to Linux systems using the adc128d818 hwmon driver where a local user or process can write the relevant sysfs limit attributes. Network-only exposure is not supported by the provided sources. Embedded, appliance, or industrial products should be checked against vendor advisories.
Exploitation context
The CVE is not listed as KEV, and the provided sources do not claim active exploitation or public exploit use. The source evidence describes a local input-handling underflow in a kernel driver, not a remotely reachable service issue.
Researcher notes
The provided record lacks CVSS, CWE, exploitability detail, and concrete impact beyond underflow during limit writes. Analysis should focus on affected driver reachability, local write permissions, fixed commit presence, and downstream vendor backports rather than assuming privilege escalation or remote attack paths.
Mitigation direction
Update to a kernel containing the referenced stable fixes.
Apply Debian LTS kernel updates where those advisories match your fleet.
Check hardware and kernel configs for adc128d818 driver usage.
Restrict write access to hwmon sysfs attributes to trusted administrators.
For appliances, follow the relevant vendor security advisory.
Validation and detection
Inventory hosts running affected Linux kernel branches or vendor kernels.
Confirm whether the adc128d818 module or hardware is present.
Verify installed kernel packages include the referenced stable fix.
Review sysfs permissions for writable hwmon limit attributes.
Check Debian or device-vendor advisories for shipped kernel status.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2024-46759 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.