CVE-2024-42301

In the Linux kernel, the following vulnerability has been resolved: dev/parport: fix the array out-of-bounds risk Fixed array out-of-bounds issues caused by sprintf by replacing it with snprintf for safer data copying, ensuring the destination buffer is not overflowed. Below is the stack trace I encountered during the actual issue: [ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport] [ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm: QThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2 [ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp [ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun PGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024 [ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace: [ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0 [ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20 [ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c [ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc [ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38 [ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

22 Aug 2024, 16:31

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/166a0bddcc27de41fe13f861c8348e8e53e988c8 - () https://git.kernel.org/stable/c/166a0bddcc27de41fe13f861c8348e8e53e988c8 - Patch
References () https://git.kernel.org/stable/c/47b3dce100778001cd76f7e9188944b5cb27a76d - () https://git.kernel.org/stable/c/47b3dce100778001cd76f7e9188944b5cb27a76d - Patch
References () https://git.kernel.org/stable/c/7789a1d6792af410aa9b39a1eb237ed24fa2170a - () https://git.kernel.org/stable/c/7789a1d6792af410aa9b39a1eb237ed24fa2170a - Patch
References () https://git.kernel.org/stable/c/7f4da759092a1a6ce35fb085182d02de8cc4cc84 - () https://git.kernel.org/stable/c/7f4da759092a1a6ce35fb085182d02de8cc4cc84 - Patch
References () https://git.kernel.org/stable/c/a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0 - () https://git.kernel.org/stable/c/a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0 - Patch
References () https://git.kernel.org/stable/c/ab11dac93d2d568d151b1918d7b84c2d02bacbd5 - () https://git.kernel.org/stable/c/ab11dac93d2d568d151b1918d7b84c2d02bacbd5 - Patch
References () https://git.kernel.org/stable/c/b579ea3516c371ecf59d073772bc45dfd28c8a0e - () https://git.kernel.org/stable/c/b579ea3516c371ecf59d073772bc45dfd28c8a0e - Patch
References () https://git.kernel.org/stable/c/c719b393374d3763e64900ee19aaed767d5a08d6 - () https://git.kernel.org/stable/c/c719b393374d3763e64900ee19aaed767d5a08d6 - Patch
First Time Linux
Linux linux Kernel
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CWE CWE-129

19 Aug 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: dev/parport: corrige el riesgo de que la matriz esté fuera de los límites. Se corrigieron los problemas de matriz fuera de los límites causados por sprintf reemplazándolo con snprintf para una copia de datos más segura, garantizando el búfer de destino no está desbordado. A continuación se muestra el seguimiento de la pila que encontré durante el problema real: [66.575408s] [pid:5118,cpu4,QThread,4]Pánico en el kernel: no se sincroniza: stack-protector: la pila del kernel está dañada en: do_hardware_base_addr+0xcc/0xd0 [parport ] [ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comunicación: QThread contaminado: GSWO 5.10.97-arm64-desktop #7100.57021.2 [ 66.575439s] [pid:5118,cpu4, QThread,6]TGID: 5087 Comm: EFileApp [66.575439s] [pid:5118,cpu4,QThread,7]Nombre del hardware: HUAWEI HUAWEI QingYun PGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 29/04/2024 [66.575439 s] [pid:5118,cpu4,QThread,8]Rastreo de llamadas: [66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0 [66.575469s] [pid:5118,cpu4,QThread,0 ] show_stack+0x14/0x20 [ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c [ 66.575500s] [pid:5118,cpu4,QThread,2] pánico+0x1d8/0x3bc [ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38 [66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]

19 Aug 2024, 05:15

Type Values Removed Values Added
References
  • () https://git.kernel.org/stable/c/166a0bddcc27de41fe13f861c8348e8e53e988c8 -
  • () https://git.kernel.org/stable/c/47b3dce100778001cd76f7e9188944b5cb27a76d -
  • () https://git.kernel.org/stable/c/a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0 -
  • () https://git.kernel.org/stable/c/c719b393374d3763e64900ee19aaed767d5a08d6 -

17 Aug 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-17 09:15

Updated : 2024-08-22 16:31


NVD link : CVE-2024-42301

Mitre link : CVE-2024-42301

CVE.ORG link : CVE-2024-42301


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-129

Improper Validation of Array Index