CVE-2024-36934 Detail

Description

In the Linux kernel, the following vulnerability has been resolved:

bna: ensure the copied buf is NUL terminated

Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf. Fix this issue by using memdup_user_nul instead of memdup_user.
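An added example, not code from the bna driver or the referenced commits: a userspace C model of the copy-then-`sscanf` pattern the description names, showing why the NUL-terminating copy keeps parsing in bounds. `dup_raw` and `dup_nul` are hypothetical stand-ins for `memdup_user` and `memdup_user_nul`; the `parse_write` handler, the `%x:%x` format and the input bytes are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Stand-in for memdup_user(): copies exactly n bytes, adds no terminator. */
static char *dup_raw(const char *src, size_t n)
{
    char *p = malloc(n ? n : 1);
    if (p)
        memcpy(p, src, n);
    return p;
}

/* Stand-in for memdup_user_nul(): allocates n + 1 bytes and sets p[n] = NUL. */
static char *dup_nul(const char *src, size_t n)
{
    char *p = malloc(n + 1);
    if (p) {
        memcpy(p, src, n);
        p[n] = '\0';
    }
    return p;
}

/* 1 if a NUL lies within the first n bytes, so string parsing stops in bounds. */
static int terminated_within(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

/* Hardened handler (hypothetical): parse hex "addr:len"; 0 on success, -1 on error. */
static int parse_write(const char *ubuf, size_t nbytes, unsigned *addr, unsigned *len)
{
    char *kbuf = dup_nul(ubuf, nbytes);
    int rc = kbuf ? sscanf(kbuf, "%x:%x", addr, len) : -1;
    free(kbuf);
    return rc == 2 ? 0 : -1;
}

int main(void)
{
    const char in[4] = {'1', '0', ':', '8'};  /* constructed input, no NUL */
    unsigned addr = 0, len = 0;
    char *raw = dup_raw(in, sizeof in);
    int rc = parse_write(in, sizeof in, &addr, &len);
    printf("raw copy terminated in bounds: %d\n", raw && terminated_within(raw, sizeof in));
    printf("rc=%d addr=0x%x len=0x%x\n", rc, addr, len);
    free(raw);
    return 0;
}
```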


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score (NIST: NVD): N/A. NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

Hyperlink Resource
https://git.kernel.org/stable/c/06cb37e2ba6441888f24566a997481d4197b4e32
https://git.kernel.org/stable/c/0f560240b4cc25d3de527deb257cdf072c0102a9
https://git.kernel.org/stable/c/1518b2b498a0109eb6b15755169d3b6607356b35
https://git.kernel.org/stable/c/6f0f19b79c085cc891c418b768f26f7004bd51a4
https://git.kernel.org/stable/c/80578ec10335bc15ac35fd1703c22aab34e39fdd
https://git.kernel.org/stable/c/8c34096c7fdf272fd4c0c37fe411cd2e3ed0ee9f
https://git.kernel.org/stable/c/bd502ba81cd1d515deddad7dbc6b812b14b97147
https://git.kernel.org/stable/c/e19478763154674c084defc62ae0d64d79657f91

Weakness Enumeration

CWE-ID CWE Name Source

Change History

3 change records found

Quick Info

CVE Dictionary Entry: CVE-2024-36934
NVD Published Date: 05/30/2024
NVD Last Modified: 11/05/2024
Source: kernel.org