7.1

CVE-2024-38585

tools/nolibc/stdlib: fix memory error in realloc()

In the Linux kernel, the following vulnerability has been resolved:

tools/nolibc/stdlib: fix memory error in realloc()

Pass user_p_len to memcpy() instead of heap->len to prevent realloc()
from copying an extra sizeof(heap) bytes from beyond the allocated
region.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.19 < 6.1.93
LinuxLinux Kernel Version >= 6.2 < 6.6.33
LinuxLinux Kernel Version >= 6.7 < 6.8.12
LinuxLinux Kernel Version >= 6.9 < 6.9.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.139
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/4e6f225aefeb712cdb870176b6621f02cf235b8c
Patch
https://git.kernel.org/stable/c/5996b2b2dac739f2a27da13de8eee5b85b2550b3
Patch
https://git.kernel.org/stable/c/791f4641142e2aced85de082e5783b4fb0b977c2
Patch
https://git.kernel.org/stable/c/8019d3dd921f39a237a9fab6d2ce716bfac0f983
Patch
https://git.kernel.org/stable/c/f678c3c336559cf3255a32153e9a17c1be4e7c15
Patch