CVE-2024-54456

Опубликовано: 27 фев. 2025

Источник: redhat

CVSS3: 7.1

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() name is char[64] where the size of clnt->cl_program->name remains unknown. Invoking strcat() directly will also lead to potential buffer overflow. Change them to strscpy() and strncat() to fix potential issues.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Out of support scope
Red Hat Enterprise Linux 8	kernel-rt	Out of support scope
Red Hat Enterprise Linux 9	kernel	Affected
Red Hat Enterprise Linux 9	kernel-rt	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-120

https://bugzilla.redhat.com/show_bug.cgi?id=2348541kernel: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()

EPSS

Процентиль: 11%

0.00038

Низкий

7.1 High

CVSS3

Связанные уязвимости

CVE-2024-54456

CVSS3: 7.8

ubuntu

10 месяцев назад

CVE-2024-54456

CVSS3: 7.8

nvd

10 месяцев назад

CVE-2024-54456

CVSS3: 7.8

debian

10 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: N ...

GHSA-cf23-xh47-rxhj

CVSS3: 7.8

github

10 месяцев назад

ELSA-2025-20095-0

oracle-oval

около 1 месяца назад

ELSA-2025-20095-0: kernel security update (MODERATE)

EPSS

Процентиль: 11%

0.00038

Низкий

7.1 High

CVSS3