ghsa-xwrr-9h7c-8mxc
Vulnerability from github
Published
2024-06-19 15:30
Modified
2024-06-19 15:30
Details

In the Linux kernel, the following vulnerability has been resolved:

rcu: Fix buffer overflow in print_cpu_stall_info()

The rcuc-starvation output from print_cpu_stall_info() might overflow the buffer if there is a huge difference in jiffies difference. The situation might seem improbable, but computers sometimes get very confused about time, which can result in full-sized integers, and, in this case, buffer overflow.

Also, the unsigned jiffies difference is printed using %ld, which is normally for signed integers. This is intentional for debugging purposes, but it is not obvious from the code.

This commit therefore changes sprintf() to snprintf() and adds a clarifying comment about intention of %ld format.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-38576"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-19T14:15:17Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu: Fix buffer overflow in print_cpu_stall_info()\n\nThe rcuc-starvation output from print_cpu_stall_info() might overflow the\nbuffer if there is a huge difference in jiffies difference.  The situation\nmight seem improbable, but computers sometimes get very confused about\ntime, which can result in full-sized integers, and, in this case,\nbuffer overflow.\n\nAlso, the unsigned jiffies difference is printed using %ld, which is\nnormally for signed integers.  This is intentional for debugging purposes,\nbut it is not obvious from the code.\n\nThis commit therefore changes sprintf() to snprintf() and adds a\nclarifying comment about intention of %ld format.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
  "id": "GHSA-xwrr-9h7c-8mxc",
  "modified": "2024-06-19T15:30:53Z",
  "published": "2024-06-19T15:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38576"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3758f7d9917bd7ef0482c4184c0ad673b4c4e069"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4c3e2ef4d8ddd313c8ce3ac30505940bea8d6257"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9351e1338539cb7f319ffc1210fa9b2aa27384b5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/afb39909bfb5c08111f99e21bf5be7505f59ff1c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e2228ed3fe7aa838fba87c79a76fb1ad9ea47138"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.