CVE-2024-50131
Published: November 7, 2024Last modified: November 7, 2024
Description
In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen() returns a string length excluding the null byte. If the string length equals to the maximum buffer length, the buffer will have no space for the NULL terminating character. This commit checks this condition and returns failure for it.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.115-r0) |
| Stream | linux-lts | Fixed (6.6.59-r0) |
References
- https://git.kernel.org/stable/c/02874ca52df2ca2423ba6122039315ed61c25972
- https://git.kernel.org/stable/c/0b6e2e22cb23105fcb171ab92f0f7516c69c8471
- https://git.kernel.org/stable/c/5e3231b352725ff4a3a0095e6035af674f2d8725
- https://git.kernel.org/stable/c/5fd942598ddeed9a212d1ff41f9f5b47bcc990a7
- https://git.kernel.org/stable/c/a14a075a14af8d622c576145455702591bdde09d
- https://git.kernel.org/stable/c/b86b0d6eea204116e4185acc35041ca4ff11a642
- https://git.kernel.org/stable/c/f4ed40d1c669bba1a54407d8182acdc405683f29