CVE-2024-46759: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46759 affects the Linux kernel's hardware monitoring (hwmon) subsystem, specifically the ADC128D818 driver. The vulnerability was discovered and disclosed on September 18, 2024. The issue occurs when writing limit attributes in the adc128d818 driver, where DIVROUNDCLOSEST() after kstrtol() can result in an underflow if a large negative number (such as -9223372036854775808) is provided by the user (NVD).

The vulnerability is classified as an Integer Underflow (CWE-191) with a CVSS v3.1 base score of 7.8 (High). The issue stems from incorrect ordering of operations in the driver code, where DIVROUNDCLOSEST() is called before clamp_val(), allowing potential underflow conditions. The vulnerability affects multiple versions of the Linux kernel up to (excluding) 4.19.322, 5.4.284, 5.10.226, 5.15.167, 6.1.110, 6.6.51, and 6.10.10 (NVD).

The vulnerability could potentially lead to system compromise through integer underflow conditions when writing limit attributes in the hardware monitoring subsystem. This affects systems using the ADC128D818 hardware monitoring driver (NVD).

The issue has been fixed by reordering the clampval() and DIVROUND_CLOSEST() operations in the driver code. The fix has been implemented across multiple Linux kernel versions and distributions. Ubuntu has released patches for affected versions including 22.04 LTS, 20.04 LTS, and 18.04 LTS (Ubuntu).