CVE-2024-36931
Published: June 4, 2024Last modified: June 4, 2024
Description
In the Linux kernel, the following vulnerability has been resolved: s390/cio: Ensure the copied buf is NUL terminated Currently, we allocate a lbuf-sized kernel buffer and copy lbuf from userspace to that buffer. Later, we use scanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using scanf. Fix this issue by using memdup_user_nul instead.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.1 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.91-r0) |
| Stream | linux-lts | Fixed (6.6.58-r0) |
References
- https://git.kernel.org/stable/c/06759ebaf75c19c87b2453a5e130e9e61e9b5d65
- https://git.kernel.org/stable/c/10452edd175fcc4fd0f5ac782ed2a002e3e5d65c
- https://git.kernel.org/stable/c/84b38f48836662c4bfae646c014f4e981e16a2b2
- https://git.kernel.org/stable/c/c9d48ce163305595ae20aee27774192476d5e6a5
- https://git.kernel.org/stable/c/da7c622cddd4fe36be69ca61e8c42e43cde94784