FKIE_CVE-2024-36957

Vulnerability from fkie_nvd - Published: 2024-05-30 16:15 - Updated: 2024-11-21 09:22
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: avoid off-by-one read from userspace We try to access count + 1 byte from userspace with memdup_user(buffer, count + 1). However, the userspace only provides buffer of count bytes and only these count bytes are verified to be okay to access. To ensure the copied buffer is NUL terminated, we use memdup_user_nul instead.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0a0285cee11c7dcc2657bcd456e469958a5009e7
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8f11fe3ea3fc261640cfc8a5addd838000407c67
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/bcdac70adceb44373da204c3c297f2a98e13216e
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ec697fbd38cbe2eef0948b58673b146caa95402f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f299ee709fb45036454ca11e90cb2810fe771878
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/fc3e0076c1f82fe981d321e3a7bad4cbee542c19
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/0a0285cee11c7dcc2657bcd456e469958a5009e7
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/8f11fe3ea3fc261640cfc8a5addd838000407c67
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/bcdac70adceb44373da204c3c297f2a98e13216e
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/ec697fbd38cbe2eef0948b58673b146caa95402f
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/f299ee709fb45036454ca11e90cb2810fe771878
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/fc3e0076c1f82fe981d321e3a7bad4cbee542c19
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: avoid off-by-one read from userspace\n\nWe try to access count + 1 byte from userspace with memdup_user(buffer,\ncount + 1). However, the userspace only provides buffer of count bytes and\nonly these count bytes are verified to be okay to access. To ensure the\ncopied buffer is NUL terminated, we use memdup_user_nul instead."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: octeontx2-af: evitar lecturas uno por uno desde el espacio de usuario Intentamos acceder al recuento + 1 byte desde el espacio de usuario con memdup_user (b\u00fafer, recuento + 1). Sin embargo, el espacio de usuario solo proporciona un b\u00fafer de bytes de recuento y solo se verifica que se puede acceder a estos bytes de recuento. Para garantizar que el b\u00fafer copiado tenga terminaci\u00f3n NUL, usamos memdup_user_nul en su lugar."
    }
  ],
  "id": "CVE-2024-36957",
  "lastModified": "2024-11-21T09:22:54.457",
  "metrics": {},
  "published": "2024-05-30T16:15:18.570",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0a0285cee11c7dcc2657bcd456e469958a5009e7"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8f11fe3ea3fc261640cfc8a5addd838000407c67"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/bcdac70adceb44373da204c3c297f2a98e13216e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ec697fbd38cbe2eef0948b58673b146caa95402f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f299ee709fb45036454ca11e90cb2810fe771878"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/fc3e0076c1f82fe981d321e3a7bad4cbee542c19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/0a0285cee11c7dcc2657bcd456e469958a5009e7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/8f11fe3ea3fc261640cfc8a5addd838000407c67"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/bcdac70adceb44373da204c3c297f2a98e13216e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/ec697fbd38cbe2eef0948b58673b146caa95402f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/f299ee709fb45036454ca11e90cb2810fe771878"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/fc3e0076c1f82fe981d321e3a7bad4cbee542c19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Undergoing Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.