CVE-2024-50074

parport: Proper fix for array out-of-bounds access

Severity Score

7.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: parport: Proper fix for array out-of-bounds access The recent fix for array out-of-bounds accesses replaced sprintf()
calls blindly with snprintf(). However, since snprintf() returns the
would-be-printed size, not the actually output size, the length
calculation can still go over the given limit. Use scnprintf() instead of snprintf(), which returns the actually
output letters, for addressing the potential out-of-bounds access
properly.

In the Linux kernel, the following vulnerability has been resolved: parport: Proper fix for array out-of-bounds access The recent fix for array out-of-bounds accesses replaced sprintf() calls blindly with snprintf(). However, since snprintf() returns the would-be-printed size, not the actually output size, the length calculation can still go over the given limit. Use scnprintf() instead of snprintf(), which returns the actually output letters, for addressing the potential out-of-bounds access properly.

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-10-21 CVE Reserved
2024-10-29 CVE Published
2025-04-27 EPSS Updated
2025-05-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (16)

URL	Tag	Source
https://git.kernel.org/stable/c/166a0bddcc27de41fe13f861c8348e8e53e988c8	Vuln. Introduced
https://git.kernel.org/stable/c/47b3dce100778001cd76f7e9188944b5cb27a76d	Vuln. Introduced
https://git.kernel.org/stable/c/a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0	Vuln. Introduced
https://git.kernel.org/stable/c/c719b393374d3763e64900ee19aaed767d5a08d6	Vuln. Introduced
https://git.kernel.org/stable/c/7f4da759092a1a6ce35fb085182d02de8cc4cc84	Vuln. Introduced
https://git.kernel.org/stable/c/b579ea3516c371ecf59d073772bc45dfd28c8a0e	Vuln. Introduced
https://git.kernel.org/stable/c/ab11dac93d2d568d151b1918d7b84c2d02bacbd5	Vuln. Introduced
https://git.kernel.org/stable/c/7789a1d6792af410aa9b39a1eb237ed24fa2170a	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/8aadef73ba3b325704ed5cfc4696a25c350182cf	2024-11-08
https://git.kernel.org/stable/c/b0641e53e6cb937487b6cfb15772374f0ba149b3	2024-11-08
https://git.kernel.org/stable/c/1826b6d69bbb7f9ae8711827facbb2ad7f8d0aaa	2024-10-22
https://git.kernel.org/stable/c/440311903231c6e6c9bcf8acb6a2885a422e00bc	2024-10-22
https://git.kernel.org/stable/c/fca048f222ce9dcbde5708ba2bf81d85a4a27952	2024-10-22
https://git.kernel.org/stable/c/66029078fee00646e2e9dbb8f41ff7819f8e7569	2024-10-22
https://git.kernel.org/stable/c/2a8b26a09c8e3ea03da1ef3cd0ef6b96e559fba6	2024-10-22
https://git.kernel.org/stable/c/02ac3a9ef3a18b58d8f3ea2b6e46de657bf6c4f9	2024-10-13

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.320 < 4.19.323 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.320 < 4.19.323"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.282 < 5.4.285 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.282 < 5.4.285"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.224 < 5.10.228 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.224 < 5.10.228"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.165 < 5.15.169 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.165 < 5.15.169"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.103 < 6.1.114 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.103 < 6.1.114"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.44 < 6.6.58 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.44 < 6.6.58"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.11 < 6.11.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.11 < 6.11.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.11 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.11 < 6.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.10.3 Search vendor "Linux" for product "Linux Kernel" and version "6.10.3"		en		Affected