7.8

CVE-2024-26753

crypto: virtio/akcipher - Fix stack overflow on memcpy

In the Linux kernel, the following vulnerability has been resolved:

crypto: virtio/akcipher - Fix stack overflow on memcpy

sizeof(struct virtio_crypto_akcipher_session_para) is less than
sizeof(struct virtio_crypto_op_ctrl_req::u), copying more bytes from
stack variable leads stack overflow. Clang reports this issue by
commands:
make -j CC=clang-14 mrproper >/dev/null 2>&1
make -j O=/tmp/crypto-build CC=clang-14 allmodconfig >/dev/null 2>&1
make -j O=/tmp/crypto-build W=1 CC=clang-14 drivers/crypto/virtio/
  virtio_crypto_akcipher_algs.o
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.10.209 < 5.10.212
LinuxLinux Kernel Version >= 5.18 < 6.1.80
LinuxLinux Kernel Version >= 6.2 < 6.6.19
LinuxLinux Kernel Version >= 6.7 < 6.7.7
LinuxLinux Kernel Version6.8 Updaterc1
LinuxLinux Kernel Version6.8 Updaterc2
LinuxLinux Kernel Version6.8 Updaterc3
LinuxLinux Kernel Version6.8 Updaterc4
LinuxLinux Kernel Version6.8 Updaterc5
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.183
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Mailing List
https://git.kernel.org/stable/c/37077ed16c7793e21b005979d33f8a61565b7e86
Patch
https://git.kernel.org/stable/c/62f361bfea60c6afc3df09c1ad4152e6507f6f47
Patch
https://git.kernel.org/stable/c/b0365460e945e1117b47cf7329d86de752daff63
Patch
https://git.kernel.org/stable/c/c0ec2a712daf133d9996a8a1b7ee2d4996080363
Patch
https://git.kernel.org/stable/c/ef1e47d50324e232d2da484fe55a54274eeb9bc1
Patch