NVD

CVE-2024-26736 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: afs: Increase buffer size in afs_update_volume_status() The max length of volume->vid value is 20 characters. So increase idbuf[] size up to 24 to avoid overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. [DH: Actually, it's 20 + NUL, so increase it to 24 and use snprintf()]

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 7.8 HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink	Resource
https://git.kernel.org/stable/c/5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5	Patch
https://git.kernel.org/stable/c/5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5	Patch
https://git.kernel.org/stable/c/6e6065dd25b661420fac19c34282b6c626fcd35e	Patch
https://git.kernel.org/stable/c/6e6065dd25b661420fac19c34282b6c626fcd35e	Patch
https://git.kernel.org/stable/c/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d	Patch
https://git.kernel.org/stable/c/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d	Patch
https://git.kernel.org/stable/c/d34a5e57632bb5ff825196ddd9a48ca403626dfa	Patch
https://git.kernel.org/stable/c/d34a5e57632bb5ff825196ddd9a48ca403626dfa	Patch
https://git.kernel.org/stable/c/d9b5e2b7a8196850383c70d099bfd39e81ab6637	Patch
https://git.kernel.org/stable/c/d9b5e2b7a8196850383c70d099bfd39e81ab6637	Patch
https://git.kernel.org/stable/c/e56662160fc24d28cb75ac095cc6415ae1bda43e	Patch
https://git.kernel.org/stable/c/e56662160fc24d28cb75ac095cc6415ae1bda43e	Patch
https://git.kernel.org/stable/c/e8530b170e464017203e3b8c6c49af6e916aece1	Patch
https://git.kernel.org/stable/c/e8530b170e464017203e3b8c6c49af6e916aece1	Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html	Mailing List

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-787	Out-of-bounds Write	NIST

Known Affected Software Configurations Switch to CPE 2.2

Configuration 1 ( hide )

cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 4.15	Up to (excluding) 5.4.270
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 5.5	Up to (excluding) 5.10.211
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 5.11	Up to (excluding) 5.15.150
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 5.16	Up to (excluding) 6.1.80
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 6.2	Up to (excluding) 6.6.19
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 6.7	Up to (excluding) 6.7.7
cpe:2.3:o:linux:linux_kernel:6.8:rc1:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:6.8:rc2:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:6.8:rc3:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:6.8:rc4:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:6.8:rc5:::::: Show Matching CPE(s)

Configuration 2 ( hide )

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Show Matching CPE(s)

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

7 change records found show changes

Initial Analysis by NIST 3/17/2025 12:03:20 PM

Action	Type	New Value
Added	CVSS V3.1	AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added	CWE	CWE-787
Added	CPE Configuration	OR cpe:2.3:o:debian:debian_linux:10.0:::::::
Added	CPE Configuration	Record truncated, showing 500 of 975 characters. View Entire Change Record OR cpe:2.3:o:linux:linux_kernel:6.8:rc1::::::* cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.16 up to (excluding) 6.1.80 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.11 up to (excluding) 5.15.150 cpe:2.3:o:linux:linux_kernel:6.8:rc3::::::* cpe:2.3:o:linux:linux_kernel:6.8:rc4::::::* cpe:2.3:o:linux:linux_kernel:6.8:rc2::::::* *cpe:2.3:o:linux:linu
Added	Reference Type	CVE: https://git.kernel.org/stable/c/5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5 Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/6e6065dd25b661420fac19c34282b6c626fcd35e Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/d34a5e57632bb5ff825196ddd9a48ca403626dfa Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/d9b5e2b7a8196850383c70d099bfd39e81ab6637 Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/e56662160fc24d28cb75ac095cc6415ae1bda43e Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/e8530b170e464017203e3b8c6c49af6e916aece1 Types: Patch
Added	Reference Type	CVE: https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Types: Mailing List
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/6e6065dd25b661420fac19c34282b6c626fcd35e Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/d34a5e57632bb5ff825196ddd9a48ca403626dfa Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/d9b5e2b7a8196850383c70d099bfd39e81ab6637 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/e56662160fc24d28cb75ac095cc6415ae1bda43e Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/e8530b170e464017203e3b8c6c49af6e916aece1 Types: Patch

CVE Modified by CVE 11/21/2024 4:02:57 AM

Action	Type	New Value
Added	Reference	https://git.kernel.org/stable/c/5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5
Added	Reference	https://git.kernel.org/stable/c/6e6065dd25b661420fac19c34282b6c626fcd35e
Added	Reference	https://git.kernel.org/stable/c/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d
Added	Reference	https://git.kernel.org/stable/c/d34a5e57632bb5ff825196ddd9a48ca403626dfa
Added	Reference	https://git.kernel.org/stable/c/d9b5e2b7a8196850383c70d099bfd39e81ab6637
Added	Reference	https://git.kernel.org/stable/c/e56662160fc24d28cb75ac095cc6415ae1bda43e
Added	Reference	https://git.kernel.org/stable/c/e8530b170e464017203e3b8c6c49af6e916aece1
Added	Reference	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

New CVE Received from kernel.org 4/03/2024 1:15:51 PM

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: afs: Increase buffer size in afs_update_volume_status() The max length of volume->vid value is 20 characters. So increase idbuf[] size up to 24 to avoid overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. [DH: Actually, it's 20 + NUL, so increase it to 24 and use snprintf()]
Added	Reference	kernel.org https://git.kernel.org/stable/c/5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/6e6065dd25b661420fac19c34282b6c626fcd35e [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/d34a5e57632bb5ff825196ddd9a48ca403626dfa [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/d9b5e2b7a8196850383c70d099bfd39e81ab6637 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/e56662160fc24d28cb75ac095cc6415ae1bda43e [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/e8530b170e464017203e3b8c6c49af6e916aece1 [No types assigned]

Quick Info

CVE Dictionary Entry:
CVE-2024-26736
NVD Published Date:
04/03/2024
NVD Last Modified:
03/17/2025
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2024-26736 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

Initial Analysis by NIST 3/17/2025 12:03:20 PM

CVE Modified by CVE 11/21/2024 4:02:57 AM

CVE Modified by kernel.org 11/05/2024 5:15:45 AM

CVE Modified by kernel.org 6/25/2024 6:15:21 PM

CVE Modified by kernel.org 5/29/2024 2:17:00 AM

CVE Modified by kernel.org 5/14/2024 11:09:58 AM

New CVE Received from kernel.org 4/03/2024 1:15:51 PM

Quick Info