NVD

CVE-2024-35944 Detail

Modified After Enrichment

This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.

Description

In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Syzkaller hit 'WARNING in dg_dispatch_as_host' bug. memcpy: detected field-spanning write (size 56) of single field "&dg_info->msg" at drivers/misc/vmw_vmci/vmci_datagram.c:237 (size 24) WARNING: CPU: 0 PID: 1555 at drivers/misc/vmw_vmci/vmci_datagram.c:237 dg_dispatch_as_host+0x88e/0xa60 drivers/misc/vmw_vmci/vmci_datagram.c:237 Some code commentry, based on my understanding: 544 #define VMCI_DG_SIZE(_dg) (VMCI_DG_HEADERSIZE + (size_t)(_dg)->payload_size) /// This is 24 + payload_size memcpy(&dg_info->msg, dg, dg_size); Destination = dg_info->msg ---> this is a 24 byte structure(struct vmci_datagram) Source = dg --> this is a 24 byte structure (struct vmci_datagram) Size = dg_size = 24 + payload_size {payload_size = 56-24 =32} -- Syzkaller managed to set payload_size to 32. 35 struct delayed_datagram_info { 36 struct datagram_entry *entry; 37 struct work_struct work; 38 bool in_dg_host_queue; 39 /* msg and msg_payload must be together. */ 40 struct vmci_datagram msg; 41 u8 msg_payload[]; 42 }; So those extra bytes of payload are copied into msg_payload[], a run time warning is seen while fuzzing with Syzkaller. One possible way to fix the warning is to split the memcpy() into two parts -- one -- direct assignment of msg and second taking care of payload. Gustavo quoted: "Under FORTIFY_SOURCE we should not copy data across multiple members in a structure."

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 5.5 MEDIUM

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://cert-portal.siemens.com/productcert/html/ssa-265688.html	siemens-SADP
https://cert-portal.siemens.com/productcert/html/ssa-398330.html	siemens-SADP
https://git.kernel.org/stable/c/130b0cd064874e0d0f58e18fb00e6f3993e90c74	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/19b070fefd0d024af3daa7329cbc0d00de5302ec	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/491a1eb07c2bd8841d63cb5263455e185be5866f	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/ad78c5047dc4076d0b3c4fad4f42ffe9c86e8100	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/dae70a57565686f16089737adb8ac64471570f73	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/e87bb99d2df6512d8ee37a5d63d2ca9a39a8c051	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/f15eca95138b3d4ec17b63c3c1937b0aa0d3624b	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/feacd430b42bbfa9ab3ed9e4f38b86c43e348c75	CVE, kernel.org	Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html	CVE	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html	CVE	Mailing List Third Party Advisory

Weakness Enumeration

CWE-ID	CWE Name	Source
NVD-CWE-noinfo	Insufficient Information	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

8 change records found show changes

Initial Analysis by NIST 12/16/2025 10:38:40 PM

Action	Type	New Value
Added	CVSS V3.1	AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Added	CWE	NVD-CWE-noinfo
Added	CPE Configuration	OR cpe:2.3:o:debian:debian_linux:10.0:::::::
Added	CPE Configuration	OR cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.5 up to (excluding) 5.10.215 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.2 up to (excluding) 6.6.27 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 4.20 up to (excluding) 5.4.274 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.7 up to (excluding) 6.8.6 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.16 up to (excluding) 6.1.86 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.11 up to (excluding) 5.15.155 cpe:2.3:o:linux:linux_kernel::::::::* versions up to (excluding) 4.19.312
Added	Reference Type	CVE: https://git.kernel.org/stable/c/130b0cd064874e0d0f58e18fb00e6f3993e90c74 Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/19b070fefd0d024af3daa7329cbc0d00de5302ec Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/491a1eb07c2bd8841d63cb5263455e185be5866f Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/ad78c5047dc4076d0b3c4fad4f42ffe9c86e8100 Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/dae70a57565686f16089737adb8ac64471570f73 Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/e87bb99d2df6512d8ee37a5d63d2ca9a39a8c051 Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/f15eca95138b3d4ec17b63c3c1937b0aa0d3624b Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/feacd430b42bbfa9ab3ed9e4f38b86c43e348c75 Types: Patch
Added	Reference Type	CVE: https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Types: Mailing List, Third Party Advisory
Added	Reference Type	CVE: https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html Types: Mailing List, Third Party Advisory
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/130b0cd064874e0d0f58e18fb00e6f3993e90c74 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/19b070fefd0d024af3daa7329cbc0d00de5302ec Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/491a1eb07c2bd8841d63cb5263455e185be5866f Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/ad78c5047dc4076d0b3c4fad4f42ffe9c86e8100 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/dae70a57565686f16089737adb8ac64471570f73 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/e87bb99d2df6512d8ee37a5d63d2ca9a39a8c051 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/f15eca95138b3d4ec17b63c3c1937b0aa0d3624b Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/feacd430b42bbfa9ab3ed9e4f38b86c43e348c75 Types: Patch

CVE Modified by CVE 11/21/2024 4:21:15 AM

Action	Type	New Value
Added	Reference	https://git.kernel.org/stable/c/130b0cd064874e0d0f58e18fb00e6f3993e90c74
Added	Reference	https://git.kernel.org/stable/c/19b070fefd0d024af3daa7329cbc0d00de5302ec
Added	Reference	https://git.kernel.org/stable/c/491a1eb07c2bd8841d63cb5263455e185be5866f
Added	Reference	https://git.kernel.org/stable/c/ad78c5047dc4076d0b3c4fad4f42ffe9c86e8100
Added	Reference	https://git.kernel.org/stable/c/dae70a57565686f16089737adb8ac64471570f73
Added	Reference	https://git.kernel.org/stable/c/e87bb99d2df6512d8ee37a5d63d2ca9a39a8c051
Added	Reference	https://git.kernel.org/stable/c/f15eca95138b3d4ec17b63c3c1937b0aa0d3624b
Added	Reference	https://git.kernel.org/stable/c/feacd430b42bbfa9ab3ed9e4f38b86c43e348c75
Added	Reference	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Added	Reference	https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

New CVE Received from kernel.org 5/19/2024 7:15:50 AM

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Syzkaller hit 'WARNING in dg_dispatch_as_host' bug. memcpy: detected field-spanning write (size 56) of single field "&dg_info->msg" at drivers/misc/vmw_vmci/vmci_datagram.c:237 (size 24) WARNING: CPU: 0 PID: 1555 at drivers/misc/vmw_vmci/vmci_datagram.c:237 dg_dispatch_as_host+0x88e/0xa60 drivers/misc/vmw_vmci/vmci_datagram.c:237 Some code commentry, based on my understanding: 544 #define VMCI_DG_SIZE(_dg) (VMCI_DG_HEADERSIZE + (size_t)(_dg)->payload_size) /// This is 24 + payload_size memcpy(&dg_info->msg, dg, dg_size); Destination = dg_info->msg ---> this is a 24 byte structure(struct vmci_datagram) Source = dg --> this is a 24 byte structure (struct vmci_datagram) Size = dg_size = 24 + payload_size {payload_size = 56-24 =32} -- Syzkaller managed to set payload_size to 32. 35 struct delayed_datagram_info { 36 struct datagram_entry entry; 37 struct work_struct work; 38 bool in_dg_host_queue; 39 / msg and msg_payload must be together. */ 40 struct vmci_datagram msg; 41 u8 msg_payload[]; 42 }; So those extra bytes of payload are copied into msg_payload[], a run time warning is seen while fuzzing with Syzkaller. One possible way to fix the warning is to split the memcpy() into two parts -- one -- direct assignment of msg and second taking care of payload. Gustavo quoted: "Under FORTIFY_SOURCE we should not copy data across multiple members in a structure."
Added	Reference	kernel.org https://git.kernel.org/stable/c/130b0cd064874e0d0f58e18fb00e6f3993e90c74 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/19b070fefd0d024af3daa7329cbc0d00de5302ec [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/491a1eb07c2bd8841d63cb5263455e185be5866f [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/ad78c5047dc4076d0b3c4fad4f42ffe9c86e8100 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/dae70a57565686f16089737adb8ac64471570f73 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/e87bb99d2df6512d8ee37a5d63d2ca9a39a8c051 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/f15eca95138b3d4ec17b63c3c1937b0aa0d3624b [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/feacd430b42bbfa9ab3ed9e4f38b86c43e348c75 [No types assigned]

Quick Info

CVE Dictionary Entry:
CVE-2024-35944
NVD Published Date:
05/19/2024
NVD Last Modified:
05/12/2026
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2024-35944 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by siemens-SADP 5/12/2026 8:16:42 AM

Initial Analysis by NIST 12/16/2025 10:38:40 PM

CVE Modified by CVE 11/21/2024 4:21:15 AM

CVE Modified by kernel.org 11/05/2024 5:16:55 AM

CVE Modified by kernel.org 6/27/2024 8:15:26 AM

CVE Modified by kernel.org 6/25/2024 6:15:33 PM

CVE Modified by kernel.org 5/29/2024 2:18:22 AM

New CVE Received from kernel.org 5/19/2024 7:15:50 AM

Quick Info