CVE-2024-26994

speakup: Avoid crash on very long word

Severity Score

5.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

speakup: Avoid crash on very long word

In case a console is set up really large and contains a really long word
(> 256 characters), we have to stop before the length of the word buffer.

En el kernel de Linux se ha solucionado la siguiente vulnerabilidad: Speakup: Evitar crash en palabras muy largas En caso de que una consola esté configurada muy grande y contenga una palabra muy larga (>256 caracteres), tenemos que detenernos antes de la longitud de la palabra. búfer de palabras.

*Credits: N/A

CVSS Scores

CISAv3.1 5.9

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-05-01 CVE Published
2024-05-03 EPSS Updated
2024-11-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (11)

URL	Tag	Source
https://git.kernel.org/stable/c/c6e3fd22cd538365bfeb82997d5b89562e077d42	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/756c5cb7c09e537b87b5d3acafcb101b2ccf394f	2024-05-02
https://git.kernel.org/stable/c/8f6b62125befe1675446923e4171eac2c012959c	2024-05-02
https://git.kernel.org/stable/c/6401038acfa24cba9c28cce410b7505efadd0222	2024-05-02
https://git.kernel.org/stable/c/0d130158db29f5e0b3893154908cf618896450a8	2024-04-27
https://git.kernel.org/stable/c/89af25bd4b4bf6a71295f07e07a8ae7dc03c6595	2024-04-27
https://git.kernel.org/stable/c/8defb1d22ba0395b81feb963b96e252b097ba76f	2024-04-27
https://git.kernel.org/stable/c/0efb15c14c493263cb3a5f65f5ddfd4603d19a76	2024-04-27
https://git.kernel.org/stable/c/c8d2f34ea96ea3bce6ba2535f867f0d4ee3b22e1	2024-04-11

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 4.19.313 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 4.19.313"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 5.4.275 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 5.4.275"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 5.10.216 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 5.10.216"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 5.15.157 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 5.15.157"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 6.1.88 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 6.1.88"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 6.6.29 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 6.6.29"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 6.8.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 6.8.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.37 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.37 < 6.9"		en		Affected