Описание
In the Linux kernel, the following vulnerability has been resolved:
NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()
name is char[64] where the size of clnt->cl_program->name remains unknown. Invoking strcat() directly will also lead to potential buffer overflow. Change them to strscpy() and strncat() to fix potential issues.
In the Linux kernel, the following vulnerability has been resolved:
NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()
name is char[64] where the size of clnt->cl_program->name remains unknown. Invoking strcat() directly will also lead to potential buffer overflow. Change them to strscpy() and strncat() to fix potential issues.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-54456
- https://git.kernel.org/stable/c/19b3ca651b4b473878c73539febe477905041442
- https://git.kernel.org/stable/c/49fd4e34751e90e6df009b70cd0659dc839e7ca8
- https://git.kernel.org/stable/c/dd8830779b77f4d1206d28d02ad56a03fc0e78f7
- https://git.kernel.org/stable/c/e8e0eb5601d4a6c74c336e3710afe3a0348c469d
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() name is char[64] where the size of clnt->cl_program->name remains unknown. Invoking strcat() directly will also lead to potential buffer overflow. Change them to strscpy() and strncat() to fix potential issues.
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() name is char[64] where the size of clnt->cl_program->name remains unknown. Invoking strcat() directly will also lead to potential buffer overflow. Change them to strscpy() and strncat() to fix potential issues.
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() name is char[64] where the size of clnt->cl_program->name remains unknown. Invoking strcat() directly will also lead to potential buffer overflow. Change them to strscpy() and strncat() to fix potential issues.
In the Linux kernel, the following vulnerability has been resolved: N ...
Уязвимость функции nfs_sysfs_link_rpc_client() модуля fs/nfs/sysfs.c поддержки клиентов NFS ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации