-

CVE-2024-26988

EPSS 0.06%
Veröffentlicht 01.05.2024 06:15:16
Zuletzt bearbeitet 21.11.2024 09:03:33
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

init/main.c: Fix potential static_command_line memory overflow

We allocate memory of size 'xlen + strlen(boot_command_line) + 1' for
static_command_line, but the strings copied into static_command_line are
extra_command_line and command_line, rather than extra_command_line and
boot_command_line.

When strlen(command_line) > strlen(boot_command_line), static_command_line
will overflow.

This patch just recovers strlen(command_line) which was miss-consolidated
with strlen(boot_command_line) in the commit f5c7310ac73e ("init/main: add
checks for the return value of memblock_alloc*()")

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 2ef607ea103616aec0289f1b65d103d499fa903a

Version f5c7310ac73ea270e3a1acdb73d1b4817f11fd67

Status affected

Version < 0dc727a4e05400205358a22c3d01ccad2c8e1fe4

Version f5c7310ac73ea270e3a1acdb73d1b4817f11fd67

Status affected

Version < 76c2f4d426a5358fced5d5990744d46f10a4ccea

Version f5c7310ac73ea270e3a1acdb73d1b4817f11fd67

Status affected

Version < 81cf85ae4f2dd5fa3e43021782aa72c4c85558e8

Version f5c7310ac73ea270e3a1acdb73d1b4817f11fd67

Status affected

Version < 936a02b5a9630c5beb0353c3085cc49d86c57034

Version f5c7310ac73ea270e3a1acdb73d1b4817f11fd67

Status affected

Version < 46dad3c1e57897ab9228332f03e1c14798d2d3b9

Version f5c7310ac73ea270e3a1acdb73d1b4817f11fd67

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.1

Status affected

Version < 5.1

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.216

Status unaffected

Version <= 5.15.*

Version 5.15.157

Status unaffected

Version <= 6.1.*

Version 6.1.88

Status unaffected

Version <= 6.6.*

Version 6.6.29

Status unaffected

Version <= 6.8.*

Version 6.8.8

Status unaffected

Version <= *

Version 6.9

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.176

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

https://git.kernel.org/stable/c/0dc727a4e05400205358a22c3d01ccad2c8e1fe4

https://git.kernel.org/stable/c/2ef607ea103616aec0289f1b65d103d499fa903a

https://git.kernel.org/stable/c/46dad3c1e57897ab9228332f03e1c14798d2d3b9

https://git.kernel.org/stable/c/76c2f4d426a5358fced5d5990744d46f10a4ccea

https://git.kernel.org/stable/c/81cf85ae4f2dd5fa3e43021782aa72c4c85558e8

https://git.kernel.org/stable/c/936a02b5a9630c5beb0353c3085cc49d86c57034

https://nvd.nist.gov/vuln/detail/CVE-2024-26988

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-26988

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-26988

EUVD