In the Linux kernel, the following vulnerability has been resolved:
iio: chemical: bme680: Fix overflows in compensate() functions
There are cases in the compensate functions of the driver that there could be overflows of variables due to bit shifting ops. These implications were initially discussed here [1] and they were mentioned in log message of Commit 1b3bd8592780 ("iio: chemical: Add support for Bosch BME680 sensor").
{ "vanir_signatures": [ { "id": "CVE-2024-42086-0bfa1f1a", "signature_type": "Function", "digest": { "function_hash": "169698893641762591176648553525504328914", "length": 748.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fdd478c3ae98c3f13628e110dce9b6cfb0d9b3c8", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_humid" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-1317c905", "signature_type": "Function", "digest": { "function_hash": "74583260042512304793644597338900234094", "length": 442.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b0af334616ed425024bf220adda0f004806b5feb", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_temp" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-1a7d730e", "signature_type": "Function", "digest": { "function_hash": "74583260042512304793644597338900234094", "length": 442.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c326551e99f5416986074ce78bef94f6a404b517", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_temp" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-32c3f040", "signature_type": "Function", "digest": { "function_hash": "169698893641762591176648553525504328914", "length": 748.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b5967393d50e3c6e632efda3ea3fdde14c1bfd0e", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_humid" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-33d136e9", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "170245247040980092003638264361855102467", "225686434343285680557965991216395794114", "185419712723804387466387007452498410881", "111560353063260470772414817869568749774", "241810683953338858235448975117596054236", "63002340621319464161673401453374919835", "183178004167739719871600603888417902450", "36578039925550828802881120031260147899", "291949574045939398971263756070819682865", "143559947737146052743724348275193067983", "301858758193374127096703385035881065742", "56004667506644273048417893534166075830", "292934856284232129598142091868760434670", "16170840842479252690298773106244323707", "70543212634314385798716468959348365192", "121437935539666954703189059906477567426", "17914885720731552655057435591837315706", "272960636464455273905318283179955694950", "93212485727294448380199016813827130588", "86525124331785418750388980786106554665", "159041603330607741230097222591153840169" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fdd478c3ae98c3f13628e110dce9b6cfb0d9b3c8", "target": { "file": "drivers/iio/chemical/bme680_core.c" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-36e9ee80", "signature_type": "Function", "digest": { "function_hash": "169698893641762591176648553525504328914", "length": 748.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ba1bb3e2a38a7fef1c1818dd4f2d9abbfdde553a", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_humid" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-39dbedee", "signature_type": "Function", "digest": { "function_hash": "295731870678594135288500131407778987040", "length": 983.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6fa31bbe2ea8665ee970258eb8320cbf231dbe9e", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_press" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-39eb27df", "signature_type": "Function", "digest": { "function_hash": "169698893641762591176648553525504328914", "length": 748.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b0af334616ed425024bf220adda0f004806b5feb", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_humid" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-49b9d9d4", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "170245247040980092003638264361855102467", "225686434343285680557965991216395794114", "185419712723804387466387007452498410881", "111560353063260470772414817869568749774", "241810683953338858235448975117596054236", "63002340621319464161673401453374919835", "183178004167739719871600603888417902450", "36578039925550828802881120031260147899", "291949574045939398971263756070819682865", "143559947737146052743724348275193067983", "301858758193374127096703385035881065742", "56004667506644273048417893534166075830", "292934856284232129598142091868760434670", "16170840842479252690298773106244323707", "70543212634314385798716468959348365192", "121437935539666954703189059906477567426", "17914885720731552655057435591837315706", "272960636464455273905318283179955694950", "93212485727294448380199016813827130588", "86525124331785418750388980786106554665", "159041603330607741230097222591153840169" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ba1bb3e2a38a7fef1c1818dd4f2d9abbfdde553a", "target": { "file": "drivers/iio/chemical/bme680_core.c" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-5677cd4e", "signature_type": "Function", "digest": { "function_hash": "295731870678594135288500131407778987040", "length": 983.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3add41bbda92938e9a528d74659dfc552796be4e", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_press" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-5db5ae58", "signature_type": "Function", "digest": { "function_hash": "74583260042512304793644597338900234094", "length": 442.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fdd478c3ae98c3f13628e110dce9b6cfb0d9b3c8", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_temp" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-5f8455f7", "signature_type": "Function", "digest": { "function_hash": "295731870678594135288500131407778987040", "length": 983.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b0af334616ed425024bf220adda0f004806b5feb", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_press" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-6979b1df", "signature_type": "Function", "digest": { "function_hash": "169698893641762591176648553525504328914", "length": 748.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3add41bbda92938e9a528d74659dfc552796be4e", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_humid" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-81f4f0ef", "signature_type": "Function", "digest": { "function_hash": "74583260042512304793644597338900234094", "length": 442.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3add41bbda92938e9a528d74659dfc552796be4e", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_temp" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-88c3c1f3", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "170245247040980092003638264361855102467", "225686434343285680557965991216395794114", "185419712723804387466387007452498410881", "111560353063260470772414817869568749774", "241810683953338858235448975117596054236", "63002340621319464161673401453374919835", "183178004167739719871600603888417902450", "36578039925550828802881120031260147899", "291949574045939398971263756070819682865", "143559947737146052743724348275193067983", "301858758193374127096703385035881065742", "56004667506644273048417893534166075830", "292934856284232129598142091868760434670", "16170840842479252690298773106244323707", "70543212634314385798716468959348365192", "121437935539666954703189059906477567426", "17914885720731552655057435591837315706", "272960636464455273905318283179955694950", "93212485727294448380199016813827130588", "86525124331785418750388980786106554665", "159041603330607741230097222591153840169" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b5967393d50e3c6e632efda3ea3fdde14c1bfd0e", "target": { "file": "drivers/iio/chemical/bme680_core.c" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-a17eff7d", "signature_type": "Function", "digest": { "function_hash": "121198018115472819133774382040087225534", "length": 775.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6fa31bbe2ea8665ee970258eb8320cbf231dbe9e", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_humid" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-a9298784", "signature_type": "Function", "digest": { "function_hash": "295731870678594135288500131407778987040", "length": 983.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b5967393d50e3c6e632efda3ea3fdde14c1bfd0e", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_press" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-a937959c", "signature_type": "Function", "digest": { "function_hash": "295731870678594135288500131407778987040", "length": 983.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c326551e99f5416986074ce78bef94f6a404b517", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_press" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-aaec238e", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "170245247040980092003638264361855102467", "225686434343285680557965991216395794114", "185419712723804387466387007452498410881", "111560353063260470772414817869568749774", "241810683953338858235448975117596054236", "63002340621319464161673401453374919835", "183178004167739719871600603888417902450", "36578039925550828802881120031260147899", "291949574045939398971263756070819682865", "143559947737146052743724348275193067983", "301858758193374127096703385035881065742", "56004667506644273048417893534166075830", "292934856284232129598142091868760434670", "16170840842479252690298773106244323707", "70543212634314385798716468959348365192", "121437935539666954703189059906477567426", "17914885720731552655057435591837315706", "272960636464455273905318283179955694950", "93212485727294448380199016813827130588", "86525124331785418750388980786106554665", "159041603330607741230097222591153840169" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b0af334616ed425024bf220adda0f004806b5feb", "target": { "file": "drivers/iio/chemical/bme680_core.c" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-aca07e89", "signature_type": "Function", "digest": { "function_hash": "295731870678594135288500131407778987040", "length": 983.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7a13d1357658d3a3c1cd7b3b9543c805a6e5e6e9", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_press" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-b42dca2f", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "170245247040980092003638264361855102467", "225686434343285680557965991216395794114", "185419712723804387466387007452498410881", "111560353063260470772414817869568749774", "241810683953338858235448975117596054236", "63002340621319464161673401453374919835", "183178004167739719871600603888417902450", "36578039925550828802881120031260147899", "291949574045939398971263756070819682865", "143559947737146052743724348275193067983", "301858758193374127096703385035881065742", "56004667506644273048417893534166075830", "292934856284232129598142091868760434670", "16170840842479252690298773106244323707", "70543212634314385798716468959348365192", "121437935539666954703189059906477567426", "17914885720731552655057435591837315706", "272960636464455273905318283179955694950", "93212485727294448380199016813827130588", "86525124331785418750388980786106554665", "159041603330607741230097222591153840169" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3add41bbda92938e9a528d74659dfc552796be4e", "target": { "file": "drivers/iio/chemical/bme680_core.c" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-c72a5e89", "signature_type": "Function", "digest": { "function_hash": "74583260042512304793644597338900234094", "length": 442.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7a13d1357658d3a3c1cd7b3b9543c805a6e5e6e9", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_temp" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-c731e3a9", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "170245247040980092003638264361855102467", "225686434343285680557965991216395794114", "185419712723804387466387007452498410881", "111560353063260470772414817869568749774", "241810683953338858235448975117596054236", "63002340621319464161673401453374919835", "183178004167739719871600603888417902450", "36578039925550828802881120031260147899", "291949574045939398971263756070819682865", "143559947737146052743724348275193067983", "301858758193374127096703385035881065742", "56004667506644273048417893534166075830", "292934856284232129598142091868760434670", "16170840842479252690298773106244323707", "70543212634314385798716468959348365192", "121437935539666954703189059906477567426", "17914885720731552655057435591837315706", "272960636464455273905318283179955694950", "93212485727294448380199016813827130588", "86525124331785418750388980786106554665", "159041603330607741230097222591153840169" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6fa31bbe2ea8665ee970258eb8320cbf231dbe9e", "target": { "file": "drivers/iio/chemical/bme680_core.c" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-cec22066", "signature_type": "Function", "digest": { "function_hash": "74583260042512304793644597338900234094", "length": 442.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6fa31bbe2ea8665ee970258eb8320cbf231dbe9e", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_temp" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-d5df7338", "signature_type": "Function", "digest": { "function_hash": "74583260042512304793644597338900234094", "length": 442.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b5967393d50e3c6e632efda3ea3fdde14c1bfd0e", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_temp" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-da22e345", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "170245247040980092003638264361855102467", "225686434343285680557965991216395794114", "185419712723804387466387007452498410881", "111560353063260470772414817869568749774", "241810683953338858235448975117596054236", "63002340621319464161673401453374919835", "183178004167739719871600603888417902450", "36578039925550828802881120031260147899", "291949574045939398971263756070819682865", "143559947737146052743724348275193067983", "301858758193374127096703385035881065742", "56004667506644273048417893534166075830", "292934856284232129598142091868760434670", "16170840842479252690298773106244323707", "70543212634314385798716468959348365192", "121437935539666954703189059906477567426", "17914885720731552655057435591837315706", "272960636464455273905318283179955694950", "93212485727294448380199016813827130588", "86525124331785418750388980786106554665", "159041603330607741230097222591153840169" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7a13d1357658d3a3c1cd7b3b9543c805a6e5e6e9", "target": { "file": "drivers/iio/chemical/bme680_core.c" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-e4c60847", "signature_type": "Function", "digest": { "function_hash": "295731870678594135288500131407778987040", "length": 983.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fdd478c3ae98c3f13628e110dce9b6cfb0d9b3c8", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_press" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-e91fc137", "signature_type": "Function", "digest": { "function_hash": "295731870678594135288500131407778987040", "length": 983.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ba1bb3e2a38a7fef1c1818dd4f2d9abbfdde553a", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_press" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-ea359309", "signature_type": "Function", "digest": { "function_hash": "74583260042512304793644597338900234094", "length": 442.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ba1bb3e2a38a7fef1c1818dd4f2d9abbfdde553a", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_temp" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-eb8c4ae2", "signature_type": "Function", "digest": { "function_hash": "169698893641762591176648553525504328914", "length": 748.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c326551e99f5416986074ce78bef94f6a404b517", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_humid" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-ebd44ee9", "signature_type": "Function", "digest": { "function_hash": "169698893641762591176648553525504328914", "length": 748.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7a13d1357658d3a3c1cd7b3b9543c805a6e5e6e9", "target": { "file": "drivers/iio/chemical/bme680_core.c", "function": "bme680_compensate_humid" }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-42086-fb5192fa", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "170245247040980092003638264361855102467", "225686434343285680557965991216395794114", "185419712723804387466387007452498410881", "111560353063260470772414817869568749774", "241810683953338858235448975117596054236", "63002340621319464161673401453374919835", "183178004167739719871600603888417902450", "36578039925550828802881120031260147899", "291949574045939398971263756070819682865", "143559947737146052743724348275193067983", "301858758193374127096703385035881065742", "56004667506644273048417893534166075830", "292934856284232129598142091868760434670", "16170840842479252690298773106244323707", "70543212634314385798716468959348365192", "121437935539666954703189059906477567426", "17914885720731552655057435591837315706", "272960636464455273905318283179955694950", "93212485727294448380199016813827130588", "86525124331785418750388980786106554665", "159041603330607741230097222591153840169" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c326551e99f5416986074ce78bef94f6a404b517", "target": { "file": "drivers/iio/chemical/bme680_core.c" }, "deprecated": false, "signature_version": "v1" } ] }