In the Linux kernel, the following vulnerability has been resolved:
parport: Proper fix for array out-of-bounds access
The recent fix for array out-of-bounds accesses replaced sprintf()
calls blindly with snprintf(). However, since snprintf() returns the
would-be-printed size, not the actually output size, the length
calculation can still go over the given limit.
Use scnprintf() instead of snprintf(), which returns the actually
output letters, for addressing the potential out-of-bounds access
properly.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
08 Nov 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Oct 2024, 18:23
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-125 | |
CPE | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
First Time |
Linux
Linux linux Kernel Redhat Redhat enterprise Linux |
|
References | () https://git.kernel.org/stable/c/02ac3a9ef3a18b58d8f3ea2b6e46de657bf6c4f9 - Patch | |
References | () https://git.kernel.org/stable/c/1826b6d69bbb7f9ae8711827facbb2ad7f8d0aaa - Patch | |
References | () https://git.kernel.org/stable/c/2a8b26a09c8e3ea03da1ef3cd0ef6b96e559fba6 - Patch | |
References | () https://git.kernel.org/stable/c/440311903231c6e6c9bcf8acb6a2885a422e00bc - Patch | |
References | () https://git.kernel.org/stable/c/66029078fee00646e2e9dbb8f41ff7819f8e7569 - Patch | |
References | () https://git.kernel.org/stable/c/fca048f222ce9dcbde5708ba2bf81d85a4a27952 - Patch |
29 Oct 2024, 14:34
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
29 Oct 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-29 01:15
Updated : 2024-11-08 16:15
NVD link : CVE-2024-50074
Mitre link : CVE-2024-50074
CVE.ORG link : CVE-2024-50074
JSON object : View
Products Affected
redhat
- enterprise_linux
linux
- linux_kernel
CWE
CWE-125
Out-of-bounds Read