CVE-2024-36957
octeontx2-af: avoid off-by-one read from userspace
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-af: avoid off-by-one read from userspace
We try to access count + 1 byte from userspace with memdup_user(buffer,
count + 1). However, the userspace only provides buffer of count bytes and
only these count bytes are verified to be okay to access. To ensure the
copied buffer is NUL terminated, we use memdup_user_nul instead.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: octeontx2-af: evitar lecturas uno por uno desde el espacio de usuario Intentamos acceder al recuento + 1 byte desde el espacio de usuario con memdup_user (búfer, recuento + 1). Sin embargo, el espacio de usuario solo proporciona un búfer de bytes de recuento y solo se verifica que se puede acceder a estos bytes de recuento. Para garantizar que el búfer copiado tenga terminación NUL, usamos memdup_user_nul en su lugar.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-30 CVE Reserved
- 2024-05-30 CVE Published
- 2024-05-31 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-193: Off-by-one Error
CAPEC
References (12)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-36957 | 2024-07-17 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2284581 | 2024-07-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.10.20 < 5.10.217 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.20 < 5.10.217" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.12 < 5.15.159 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 5.15.159" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.12 < 6.1.91 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 6.1.91" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.12 < 6.6.31 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 6.6.31" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.12 < 6.8.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 6.8.10" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.12 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 6.9" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.11.3 Search vendor "Linux" for product "Linux Kernel" and version "5.11.3" | en |
Affected
| ||||||