GHSA-c8jq-9f5m-r697

Опубликовано: 21 окт. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 7.8

Описание

In the Linux kernel, the following vulnerability has been resolved:

tipc: guard against string buffer overrun

Smatch reports that copying media_name and if_name to name_parts may overwrite the destination.

.../bearer.c:166 bearer_name_validate() error: strcpy() 'media_name' too large for 'name_parts->media_name' (32 vs 16) .../bearer.c:167 bearer_name_validate() error: strcpy() 'if_name' too large for 'name_parts->if_name' (1010102 vs 16)

This does seem to be the case so guard against this possibility by using strscpy() and failing if truncation occurs.

Introduced by commit b97bf3fd8f6a ("[TIPC] Initial merge")

Compile tested only.

In the Linux kernel, the following vulnerability has been resolved:

tipc: guard against string buffer overrun

Smatch reports that copying media_name and if_name to name_parts may overwrite the destination.

This does seem to be the case so guard against this possibility by using strscpy() and failing if truncation occurs.

Introduced by commit b97bf3fd8f6a ("[TIPC] Initial merge")

Compile tested only.

Ссылки

7.8 High

CVSS3

CVE ID

CVE-2024-49995

Связанные уязвимости

CVE-2024-49995

ubuntu

8 месяцев назад

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2024-49995

CVSS3: 7.1

redhat

8 месяцев назад

A string buffer over-run was found in the Linux kernel. Copying media_name and if_name to name_parts may overwrite the destination, resulting in a software crash.

CVE-2024-49995

nvd

8 месяцев назад

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2024-49995

msrc

7 месяцев назад

Описание отсутствует

SUSE-SU-2024:4397-1

suse-cvrf

6 месяцев назад

Security update for the Linux Kernel

7.8 High

CVSS3

CVE ID

CVE-2024-49995