CVE-2024-50259

In the Linux kernel, the following vulnerability has been resolved: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() This was found by a static analyzer. We should not forget the trailing zero after copy_from_user() if we will further do some string operations, sscanf() in this case. Adding a trailing zero will ensure that the function performs properly.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*

History

14 Nov 2024, 18:24

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/27bd7a742e171362c9eb52ad5d1d71d3321f949f - () https://git.kernel.org/stable/c/27bd7a742e171362c9eb52ad5d1d71d3321f949f - Patch
References () https://git.kernel.org/stable/c/4ce1f56a1eaced2523329bef800d004e30f2f76c - () https://git.kernel.org/stable/c/4ce1f56a1eaced2523329bef800d004e30f2f76c - Patch
References () https://git.kernel.org/stable/c/6a604877160fe5ab2e1985d5ce1ba6a61abe0693 - () https://git.kernel.org/stable/c/6a604877160fe5ab2e1985d5ce1ba6a61abe0693 - Patch
References () https://git.kernel.org/stable/c/bcba86e03b3aac361ea671672cf48eed11f9011c - () https://git.kernel.org/stable/c/bcba86e03b3aac361ea671672cf48eed11f9011c - Patch
References () https://git.kernel.org/stable/c/c2150f666c6fc301d5d1643ed0f92251f1a0ff0d - () https://git.kernel.org/stable/c/c2150f666c6fc301d5d1643ed0f92251f1a0ff0d - Patch
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
First Time Linux
Linux linux Kernel
CPE cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
CWE CWE-125

12 Nov 2024, 13:56

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netdevsim: agregar un cero final para terminar la cadena en nsim_nexthop_bucket_activity_write(). Esto lo encontró un analizador estático. No debemos olvidar el cero final después de copy_from_user() si vamos a realizar más operaciones con cadenas, sscanf() en este caso. Agregar un cero final garantizará que la función se ejecute correctamente.

09 Nov 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-09 11:15

Updated : 2024-11-14 18:24


NVD link : CVE-2024-50259

Mitre link : CVE-2024-50259

CVE.ORG link : CVE-2024-50259


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-125

Out-of-bounds Read