U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2024-26889 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix possible buffer overflow struct hci_dev_info has a fixed size name[8] field so in the event that hdev->name is bigger than that strcpy would attempt to write past its size, so this fixes this problem by switching to use strscpy.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/2e845867b4e279eff0a19ade253390470e07e8a1
https://git.kernel.org/stable/c/2edce8e9a99dd5e4404259d52e754fdc97fb42c2
https://git.kernel.org/stable/c/4c69abb4d41ece30d9f4cfdf51cf3ee838f48723
https://git.kernel.org/stable/c/54a03e4ac1a41edf8a5087bd59f8241b0de96d3d
https://git.kernel.org/stable/c/68644bf5ec6baaff40fc39b3529c874bfda709bd
https://git.kernel.org/stable/c/6d5a9d4a7bcbb7534ce45a18a52e7bd23e69d8ac
https://git.kernel.org/stable/c/81137162bfaa7278785b24c1fd2e9e74f082e8e4
https://git.kernel.org/stable/c/8c28598a2c29201d2ba7fc37539a7d41c264fb10
https://git.kernel.org/stable/c/a41c8efe659caed0e21422876bbb6b73c15b5244
https://git.kernel.org/stable/c/d47e6c1932cee02954ea588c9f09fd5ecefeadfc

Weakness Enumeration

CWE-ID CWE Name Source
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CISA-ADP  

Change History

8 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-26889
NVD Published Date:
04/17/2024
NVD Last Modified:
11/17/2024
Source:
kernel.org