7.1

CVE-2024-36931

s390/cio: Ensure the copied buf is NUL terminated

In the Linux kernel, the following vulnerability has been resolved:

s390/cio: Ensure the copied buf is NUL terminated

Currently, we allocate a lbuf-sized kernel buffer and copy lbuf from
userspace to that buffer. Later, we use scanf on this buffer but we don't
ensure that the string is terminated inside the buffer, this can lead to
OOB read when using scanf. Fix this issue by using memdup_user_nul instead.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.13 < 5.15.159
LinuxLinux Kernel Version >= 5.16 < 6.1.91
LinuxLinux Kernel Version >= 6.2 < 6.6.31
LinuxLinux Kernel Version >= 6.7 < 6.8.10
LinuxLinux Kernel Version6.9 Updaterc1
LinuxLinux Kernel Version6.9 Updaterc2
LinuxLinux Kernel Version6.9 Updaterc3
LinuxLinux Kernel Version6.9 Updaterc4
LinuxLinux Kernel Version6.9 Updaterc5
LinuxLinux Kernel Version6.9 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.139
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/06759ebaf75c19c87b2453a5e130e9e61e9b5d65
Patch
https://git.kernel.org/stable/c/10452edd175fcc4fd0f5ac782ed2a002e3e5d65c
Patch
https://git.kernel.org/stable/c/84b38f48836662c4bfae646c014f4e981e16a2b2
Patch
https://git.kernel.org/stable/c/c9d48ce163305595ae20aee27774192476d5e6a5
Patch
https://git.kernel.org/stable/c/da7c622cddd4fe36be69ca61e8c42e43cde94784
Patch