cve-2024-39480
Vulnerability from cvelistv5
Published
2024-07-05 06:55
Modified
2024-12-19 09:06
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
kdb: Fix buffer overflow during tab-complete
Currently, when the user attempts symbol completion with the Tab key, kdb
will use strncpy() to insert the completed symbol into the command buffer.
Unfortunately it passes the size of the source buffer rather than the
destination to strncpy() with predictably horrible results. Most obviously
if the command buffer is already full but cp, the cursor position, is in
the middle of the buffer, then we will write past the end of the supplied
buffer.
Fix this by replacing the dubious strncpy() calls with memmove()/memcpy()
calls plus explicit boundary checks to make sure we have enough space
before we start moving characters around.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:15.655Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/fb824a99e148ff272a53d71d84122728b5f00992" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ddd2972d8e2dee3b33e8121669d55def59f0be8a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cfdc2fa4db57503bc6d3817240547c8ddc55fa96" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f636a40834d22e5e3fc748f060211879c056cd33" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/33d9c814652b971461d1e30bead6792851c209e7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/107e825cc448b7834b31e8b1b3cf0f57426d46d5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f694da720dcf795dc3eb97bf76d220213f76aaa7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e9730744bf3af04cda23799029342aa3cddbc454" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "fb824a99e148", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "ddd2972d8e2d", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "cfdc2fa4db57", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "f636a40834d2", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "33d9c814652b", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "107e825cc448", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "f694da720dcf", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "e9730744bf3a", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThanOrEqual": "4.20", "status": "unaffected", "version": "4.19.316", "versionType": "git" }, { "lessThanOrEqual": "5.5", "status": "unaffected", "version": "5.4.278", "versionType": "git" }, { "lessThanOrEqual": "5.11", "status": "unaffected", "version": "5.10.219", "versionType": "git" }, { "lessThanOrEqual": "5.16", "status": "unaffected", "version": "5.15.161", "versionType": "git" }, { "lessThanOrEqual": "6.2", "status": "unaffected", "version": "6.1.94", "versionType": "git" }, { "lessThanOrEqual": "6.7", "status": "unaffected", "version": "6.6.34", "versionType": "git" }, { "lessThanOrEqual": "6.10", "status": "unaffected", "version": "6.9.5", "versionType": "git" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "git" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-39480", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-20T03:55:14.759316Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-27T14:14:17.550Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "kernel/debug/kdb/kdb_io.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "fb824a99e148ff272a53d71d84122728b5f00992", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "ddd2972d8e2dee3b33e8121669d55def59f0be8a", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "cfdc2fa4db57503bc6d3817240547c8ddc55fa96", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "f636a40834d22e5e3fc748f060211879c056cd33", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "33d9c814652b971461d1e30bead6792851c209e7", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "107e825cc448b7834b31e8b1b3cf0f57426d46d5", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "f694da720dcf795dc3eb97bf76d220213f76aaa7", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "e9730744bf3af04cda23799029342aa3cddbc454", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "kernel/debug/kdb/kdb_io.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.316", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.278", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.219", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.161", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.94", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.34", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkdb: Fix buffer overflow during tab-complete\n\nCurrently, when the user attempts symbol completion with the Tab key, kdb\nwill use strncpy() to insert the completed symbol into the command buffer.\nUnfortunately it passes the size of the source buffer rather than the\ndestination to strncpy() with predictably horrible results. Most obviously\nif the command buffer is already full but cp, the cursor position, is in\nthe middle of the buffer, then we will write past the end of the supplied\nbuffer.\n\nFix this by replacing the dubious strncpy() calls with memmove()/memcpy()\ncalls plus explicit boundary checks to make sure we have enough space\nbefore we start moving characters around." } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:06:59.602Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/fb824a99e148ff272a53d71d84122728b5f00992" }, { "url": "https://git.kernel.org/stable/c/ddd2972d8e2dee3b33e8121669d55def59f0be8a" }, { "url": "https://git.kernel.org/stable/c/cfdc2fa4db57503bc6d3817240547c8ddc55fa96" }, { "url": "https://git.kernel.org/stable/c/f636a40834d22e5e3fc748f060211879c056cd33" }, { "url": "https://git.kernel.org/stable/c/33d9c814652b971461d1e30bead6792851c209e7" }, { "url": "https://git.kernel.org/stable/c/107e825cc448b7834b31e8b1b3cf0f57426d46d5" }, { "url": "https://git.kernel.org/stable/c/f694da720dcf795dc3eb97bf76d220213f76aaa7" }, { "url": "https://git.kernel.org/stable/c/e9730744bf3af04cda23799029342aa3cddbc454" } ], "title": "kdb: Fix buffer overflow during tab-complete", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-39480", "datePublished": "2024-07-05T06:55:09.241Z", "dateReserved": "2024-06-25T14:23:23.746Z", "dateUpdated": "2024-12-19T09:06:59.602Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-39480\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-07-05T07:15:10.590\",\"lastModified\":\"2024-11-21T09:27:46.630\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nkdb: Fix buffer overflow during tab-complete\\n\\nCurrently, when the user attempts symbol completion with the Tab key, kdb\\nwill use strncpy() to insert the completed symbol into the command buffer.\\nUnfortunately it passes the size of the source buffer rather than the\\ndestination to strncpy() with predictably horrible results. Most obviously\\nif the command buffer is already full but cp, the cursor position, is in\\nthe middle of the buffer, then we will write past the end of the supplied\\nbuffer.\\n\\nFix this by replacing the dubious strncpy() calls with memmove()/memcpy()\\ncalls plus explicit boundary checks to make sure we have enough space\\nbefore we start moving characters around.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: kdb: corrige el desbordamiento del b\u00fafer durante la finalizaci\u00f3n de tabulaci\u00f3n Actualmente, cuando el usuario intenta completar el s\u00edmbolo con la tecla Tab, kdb usar\u00e1 strncpy() para insertar el s\u00edmbolo completado en el b\u00fafer de comando. Desafortunadamente, pasa el tama\u00f1o del b\u00fafer de origen en lugar del destino a strncpy() con resultados predeciblemente horribles. Lo m\u00e1s obvio es que si el b\u00fafer de comando ya est\u00e1 lleno pero cp, la posici\u00f3n del cursor, est\u00e1 en el medio del b\u00fafer, entonces escribiremos m\u00e1s all\u00e1 del final del b\u00fafer proporcionado. Solucione este problema reemplazando las dudosas llamadas strncpy() con llamadas memmove()/memcpy() m\u00e1s comprobaciones expl\u00edcitas de los l\u00edmites para asegurarnos de que tenemos suficiente espacio antes de comenzar a mover los personajes.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.19\",\"versionEndExcluding\":\"4.19.316\",\"matchCriteriaId\":\"34445C8D-D7E6-4796-B792-C9257E89257B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4\",\"versionEndExcluding\":\"5.4.278\",\"matchCriteriaId\":\"8E2371B0-4787-4038-B526-021D4CF93B31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.10.219\",\"matchCriteriaId\":\"5311C980-4CDF-4C10-8875-F04ED0F03398\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.15\",\"versionEndExcluding\":\"5.15.161\",\"matchCriteriaId\":\"E2AB5A01-EFFD-4A24-8CCB-4A016C8C4BB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1\",\"versionEndExcluding\":\"6.1.94\",\"matchCriteriaId\":\"B5A86346-2984-4261-AC12-29EACB186000\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.6\",\"versionEndExcluding\":\"6.6.34\",\"matchCriteriaId\":\"AC0C6E24-8240-425A-BD1A-F78E6D3A67FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.9\",\"versionEndExcluding\":\"6.9.5\",\"matchCriteriaId\":\"54EDFD02-25E6-4BC8-9AD0-0A59881F400A\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/107e825cc448b7834b31e8b1b3cf0f57426d46d5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/33d9c814652b971461d1e30bead6792851c209e7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cfdc2fa4db57503bc6d3817240547c8ddc55fa96\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ddd2972d8e2dee3b33e8121669d55def59f0be8a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e9730744bf3af04cda23799029342aa3cddbc454\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f636a40834d22e5e3fc748f060211879c056cd33\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f694da720dcf795dc3eb97bf76d220213f76aaa7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fb824a99e148ff272a53d71d84122728b5f00992\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/107e825cc448b7834b31e8b1b3cf0f57426d46d5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/33d9c814652b971461d1e30bead6792851c209e7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cfdc2fa4db57503bc6d3817240547c8ddc55fa96\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ddd2972d8e2dee3b33e8121669d55def59f0be8a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e9730744bf3af04cda23799029342aa3cddbc454\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f636a40834d22e5e3fc748f060211879c056cd33\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f694da720dcf795dc3eb97bf76d220213f76aaa7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fb824a99e148ff272a53d71d84122728b5f00992\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.