-

CVE-2024-36957

EPSS 0.1%
Veröffentlicht 30.05.2024 16:15:18
Zuletzt bearbeitet 21.11.2024 09:22:54
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

octeontx2-af: avoid off-by-one read from userspace

We try to access count + 1 byte from userspace with memdup_user(buffer,
count + 1). However, the userspace only provides buffer of count bytes and
only these count bytes are verified to be okay to access. To ensure the
copied buffer is NUL terminated, we use memdup_user_nul instead.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < bcdac70adceb44373da204c3c297f2a98e13216e

Version dae49384d0d7695540e2d75168f323cef1384810

Status affected

Version < ec697fbd38cbe2eef0948b58673b146caa95402f

Version 3a2eb515d1367c0f667b76089a6e727279c688b8

Status affected

Version < 8f11fe3ea3fc261640cfc8a5addd838000407c67

Version 3a2eb515d1367c0f667b76089a6e727279c688b8

Status affected

Version < 0a0285cee11c7dcc2657bcd456e469958a5009e7

Version 3a2eb515d1367c0f667b76089a6e727279c688b8

Status affected

Version < fc3e0076c1f82fe981d321e3a7bad4cbee542c19

Version 3a2eb515d1367c0f667b76089a6e727279c688b8

Status affected

Version < f299ee709fb45036454ca11e90cb2810fe771878

Version 3a2eb515d1367c0f667b76089a6e727279c688b8

Status affected

Version c9a2ed3fdd037314a71e6a6ba5d99a3605f6f9c7

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.12

Status affected

Version < 5.12

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.217

Status unaffected

Version <= 5.15.*

Version 5.15.159

Status unaffected

Version <= 6.1.*

Version 6.1.91

Status unaffected

Version <= 6.6.*

Version 6.6.31

Status unaffected

Version <= 6.8.*

Version 6.8.10

Status unaffected

Version <= *

Version 6.9

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.278

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html

https://git.kernel.org/stable/c/0a0285cee11c7dcc2657bcd456e469958a5009e7

https://git.kernel.org/stable/c/8f11fe3ea3fc261640cfc8a5addd838000407c67

https://git.kernel.org/stable/c/bcdac70adceb44373da204c3c297f2a98e13216e

https://git.kernel.org/stable/c/ec697fbd38cbe2eef0948b58673b146caa95402f

https://git.kernel.org/stable/c/f299ee709fb45036454ca11e90cb2810fe771878

https://git.kernel.org/stable/c/fc3e0076c1f82fe981d321e3a7bad4cbee542c19

https://nvd.nist.gov/vuln/detail/CVE-2024-36957

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-36957

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-36957

EUVD