7.1
CVE-2024-38585
- EPSS 0.23%
- Veröffentlicht 19.06.2024 14:15:18
- Zuletzt bearbeitet 17.09.2025 21:06:31
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
tools/nolibc/stdlib: fix memory error in realloc()
In the Linux kernel, the following vulnerability has been resolved: tools/nolibc/stdlib: fix memory error in realloc() Pass user_p_len to memcpy() instead of heap->len to prevent realloc() from copying an extra sizeof(heap) bytes from beyond the allocated region.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.19 < 6.1.93
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.33
Linux ≫ Linux Kernel Version >= 6.7 < 6.8.12
Linux ≫ Linux Kernel Version >= 6.9 < 6.9.3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.139 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
https://git.kernel.org/stable/c/4e6f225aefeb712cdb870176b6621f02cf235b8c
https://git.kernel.org/stable/c/5996b2b2dac739f2a27da13de8eee5b85b2550b3
https://git.kernel.org/stable/c/791f4641142e2aced85de082e5783b4fb0b977c2
https://git.kernel.org/stable/c/8019d3dd921f39a237a9fab6d2ce716bfac0f983
https://git.kernel.org/stable/c/f678c3c336559cf3255a32153e9a17c1be4e7c15