CVE-2024-38577
rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
There is a possibility of buffer overflow in
show_rcu_tasks_trace_gp_kthread() if counters, passed
to sprintf() are huge. Counter numbers, needed for this
are unrealistically high, but buffer overflow is still
possible.
Use snprintf() with buffer size instead of sprintf().
Found by Linux Verification Center (linuxtesting.org) with SVACE.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rcu-tasks: Corrige show_rcu_tasks_trace_gp_kthread desbordamiento del búfer. Existe la posibilidad de que se produzca un desbordamiento del búfer en show_rcu_tasks_trace_gp_kthread() si los contadores pasados a sprintf() son enormes. Los números de contador necesarios para esto son excesivamente altos, pero aún es posible un desbordamiento del búfer. Utilice snprintf() con tamaño de búfer en lugar de sprintf(). Encontrado por el Centro de verificación de Linux (linuxtesting.org) con SVACE.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-06-18 CVE Reserved
- 2024-06-19 CVE Published
- 2024-08-02 EPSS Updated
- 2024-09-12 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/edf3775f0ad66879796f594983163f672c4bf1a2 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.8 < 5.10.226 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.8 < 5.10.226" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.8 < 5.15.167 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.8 < 5.15.167" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.8 < 6.1.93 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.8 < 6.1.93" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.8 < 6.6.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.8 < 6.6.33" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.8 < 6.8.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.8 < 6.8.12" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.8 < 6.9.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.8 < 6.9.3" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.8 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.8 < 6.10" | en |
Affected
| ||||||