7.8

CVE-2024-43839

bna: adjust 'name' buf size of bna_tcb and bna_ccb structures

In the Linux kernel, the following vulnerability has been resolved:

bna: adjust 'name' buf size of bna_tcb and bna_ccb structures

To have enough space to write all possible sprintf() args. Currently
'name' size is 16, but the first '%s' specifier may already need at
least 16 characters, since 'bnad->netdev->name' is used there.

For '%d' specifiers, assume that they require:
 * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8
 * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX
   is 16

And replace sprintf with snprintf.

Detected using the static analysis tool - Svace.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version11.0
LinuxLinux Kernel Version >= 2.6.37 < 4.19.320
LinuxLinux Kernel Version >= 4.20 < 5.4.282
LinuxLinux Kernel Version >= 5.5 < 5.10.224
LinuxLinux Kernel Version >= 5.11 < 5.15.165
LinuxLinux Kernel Version >= 5.16 < 6.1.103
LinuxLinux Kernel Version >= 6.2 < 6.6.44
LinuxLinux Kernel Version >= 6.7 < 6.10.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.165
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/6ce46045f9b90d952602e2c0b8886cfadf860bf1
Patch
https://git.kernel.org/stable/c/6d20c4044ab4d0e6a99aa35853e66f0aed5589e3
Patch
https://git.kernel.org/stable/c/ab748dd10d8742561f2980fea08ffb4f0cacfdef
Patch
https://git.kernel.org/stable/c/b0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43
Patch
https://git.kernel.org/stable/c/c90b1cd7758fd4839909e838ae195d19f8065d76
Patch
https://git.kernel.org/stable/c/c9741a03dc8e491e57b95fba0058ab46b7e506da
Patch
https://git.kernel.org/stable/c/e0f48f51d55fb187400e9787192eda09fa200ff5
Patch
https://git.kernel.org/stable/c/f121740f69eda4da2de9a20a6687a13593e72540
Patch
https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Third Party Advisory
Mailing List