CVE-2024-38559

scsi: qedf: Ensure the copied buf is NUL terminated

Severity Score

4.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

scsi: qedf: Ensure the copied buf is NUL terminated

Currently, we allocate a count-sized kernel buffer and copy count from
userspace to that buffer. Later, we use kstrtouint on this buffer but we
don't ensure that the string is terminated inside the buffer, this can
lead to OOB read when using kstrtouint. Fix this issue by using
memdup_user_nul instead of memdup_user.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: scsi: qedf: asegúrese de que el buf copiado tenga terminación NUL. Actualmente, asignamos un búfer del kernel del tamaño de un conteo y copiamos el conteo desde el espacio de usuario a ese búfer. Más adelante, usamos kstrtouint en este búfer pero no nos aseguramos de que la cadena termine dentro del búfer, esto puede provocar una lectura OOB cuando usamos kstrtouint. Solucione este problema utilizando memdup_user_nul en lugar de memdup_user.

*Credits: N/A

CVSS Scores

Red Hatv3.1 4.4

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-18 CVE Reserved
2024-06-19 CVE Published
2024-06-20 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (12)

URL	Tag	Source
https://git.kernel.org/stable/c/61d8658b4a435eac729966cc94cdda077a8df5cd	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/1f84a2744ad813be23fc4be99fb74bfb24aadb95	2024-06-16
https://git.kernel.org/stable/c/a75001678e1d38aa607d5b898ec7ff8ed0700d59	2024-06-16
https://git.kernel.org/stable/c/769b9fd2af02c069451fe9108dba73355d9a021c	2024-06-16
https://git.kernel.org/stable/c/dccd97b39ab2f2b1b9a47a1394647a4d65815255	2024-06-16
https://git.kernel.org/stable/c/d93318f19d1e1a6d5f04f5d965eaa9055bb7c613	2024-06-12
https://git.kernel.org/stable/c/563e609275927c0b75fbfd0d90441543aa7b5e0d	2024-06-12
https://git.kernel.org/stable/c/4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8	2024-05-30
https://git.kernel.org/stable/c/177f43c6892e6055de6541fe9391a8a3d1f95fc9	2024-05-30
https://git.kernel.org/stable/c/d0184a375ee797eb657d74861ba0935b6e405c62	2024-05-07

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-38559	2024-09-24
https://bugzilla.redhat.com/show_bug.cgi?id=2293440	2024-09-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 4.19.316 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 4.19.316"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 5.4.278 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 5.4.278"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 5.10.219 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 5.10.219"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 5.15.161 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 5.15.161"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 6.1.93 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 6.1.93"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 6.6.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 6.6.33"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 6.8.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 6.8.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 6.9.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 6.9.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 6.10"		en		Affected