CVE-2024-26988

init/main.c: Fix potential static_command_line memory overflow

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential static_command_line memory overflow We allocate memory of size 'xlen + strlen(boot_command_line) + 1' for
static_command_line, but the strings copied into static_command_line are
extra_command_line and command_line, rather than extra_command_line and
boot_command_line. When strlen(command_line) > strlen(boot_command_line), static_command_line
will overflow. This patch just recovers strlen(command_line) which was miss-consolidated
with strlen(boot_command_line) in the commit f5c7310ac73e ("init/main: add
checks for the return value of memblock_alloc*()")

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: init/main.c: soluciona un posible desbordamiento de memoria de static_command_line Asignamos memoria de tamaño 'xlen + strlen(boot_command_line) + 1' para static_command_line, pero las cadenas copiadas en static_command_line son extra_command_line y command_line, en lugar de extra_command_line y boot_command_line. Cuando strlen(command_line) > strlen(boot_command_line), static_command_line se desbordará. Este parche simplemente recupera strlen(command_line) que no se consolidó con strlen(boot_command_line) en el commit f5c7310ac73e ("init/main: agregue comprobaciones para el valor de retorno de memblock_alloc*()")

A static_command_line memory overflow was found in the Linux kernel. This issue may cause a crash.

In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential static_command_line memory overflow We allocate memory of size 'xlen + strlen(boot_command_line) + 1' for static_command_line, but the strings copied into static_command_line are extra_command_line and command_line, rather than extra_command_line and boot_command_line. When strlen(command_line) > strlen(boot_command_line), static_command_line will overflow. This patch just recovers strlen(command_line) which was miss-consolidated with strlen(boot_command_line) in the commit f5c7310ac73e ("init/main: add checks for the return value of memblock_alloc*()")

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

High

Authentication

Single

Confidentiality

None

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-05-01 CVE Published
2024-12-19 CVE Updated
2025-04-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/f5c7310ac73ea270e3a1acdb73d1b4817f11fd67	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/2ef607ea103616aec0289f1b65d103d499fa903a	2024-05-02
https://git.kernel.org/stable/c/0dc727a4e05400205358a22c3d01ccad2c8e1fe4	2024-04-27
https://git.kernel.org/stable/c/76c2f4d426a5358fced5d5990744d46f10a4ccea	2024-04-27
https://git.kernel.org/stable/c/81cf85ae4f2dd5fa3e43021782aa72c4c85558e8	2024-04-27
https://git.kernel.org/stable/c/936a02b5a9630c5beb0353c3085cc49d86c57034	2024-04-27
https://git.kernel.org/stable/c/46dad3c1e57897ab9228332f03e1c14798d2d3b9	2024-04-12

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-26988	2024-11-12
https://bugzilla.redhat.com/show_bug.cgi?id=2278324	2024-11-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.1 < 5.10.216 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 5.10.216"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.1 < 5.15.157 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 5.15.157"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.1 < 6.1.88 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 6.1.88"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.1 < 6.6.29 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 6.6.29"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.1 < 6.8.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 6.8.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.1 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.1 < 6.9"		en		Affected