fkie_cve-2024-36931
Vulnerability from fkie_nvd
Published
2024-05-30 16:15
Modified
2025-01-15 18:39
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: s390/cio: Ensure the copied buf is NUL terminated Currently, we allocate a lbuf-sized kernel buffer and copy lbuf from userspace to that buffer. Later, we use scanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using scanf. Fix this issue by using memdup_user_nul instead.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/06759ebaf75c19c87b2453a5e130e9e61e9b5d65Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/10452edd175fcc4fd0f5ac782ed2a002e3e5d65cPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/84b38f48836662c4bfae646c014f4e981e16a2b2Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c9d48ce163305595ae20aee27774192476d5e6a5Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/da7c622cddd4fe36be69ca61e8c42e43cde94784Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/06759ebaf75c19c87b2453a5e130e9e61e9b5d65Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/10452edd175fcc4fd0f5ac782ed2a002e3e5d65cPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/84b38f48836662c4bfae646c014f4e981e16a2b2Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/c9d48ce163305595ae20aee27774192476d5e6a5Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/da7c622cddd4fe36be69ca61e8c42e43cde94784Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 6.9
linux linux_kernel 6.9
linux linux_kernel 6.9
linux linux_kernel 6.9
linux linux_kernel 6.9
linux linux_kernel 6.9


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3067E90C-C0BE-4923-8575-608C92595F8B",
                     versionEndExcluding: "5.15.159",
                     versionStartIncluding: "5.13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4F8C886C-75AA-469B-A6A9-12BF1A29C0D5",
                     versionEndExcluding: "6.1.91",
                     versionStartIncluding: "5.16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CDDB1F69-36AC-41C1-9192-E7CCEF5FFC00",
                     versionEndExcluding: "6.6.31",
                     versionStartIncluding: "6.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A6B920C-8D8F-4130-86B4-AD334F4CF2E3",
                     versionEndExcluding: "6.8.10",
                     versionStartIncluding: "6.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "52048DDA-FC5A-4363-95A0-A6357B4D7F8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*",
                     matchCriteriaId: "A06B2CCF-3F43-4FA9-8773-C83C3F5764B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*",
                     matchCriteriaId: "F850DCEC-E08B-4317-A33B-D2DCF39F601B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:6.9:rc6:*:*:*:*:*:*",
                     matchCriteriaId: "91326417-E981-482E-A5A3-28BC1327521B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/cio: Ensure the copied buf is NUL terminated\n\nCurrently, we allocate a lbuf-sized kernel buffer and copy lbuf from\nuserspace to that buffer. Later, we use scanf on this buffer but we don't\nensure that the string is terminated inside the buffer, this can lead to\nOOB read when using scanf. Fix this issue by using memdup_user_nul instead.",
      },
      {
         lang: "es",
         value: "En el kernel de Linux, se resolvió la siguiente vulnerabilidad: s390/cio: asegúrese de que el buf copiado tenga terminación NUL. Actualmente, asignamos un búfer del kernel del tamaño de lbuf y copiamos lbuf del espacio de usuario a ese búfer. Más adelante, usamos scanf en este búfer pero no nos aseguramos de que la cadena termine dentro del búfer, esto puede provocar una lectura OOB cuando usamos scanf. Solucione este problema utilizando memdup_user_nul en su lugar.",
      },
   ],
   id: "CVE-2024-36931",
   lastModified: "2025-01-15T18:39:58.523",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-05-30T16:15:16.293",
   references: [
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/06759ebaf75c19c87b2453a5e130e9e61e9b5d65",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/10452edd175fcc4fd0f5ac782ed2a002e3e5d65c",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/84b38f48836662c4bfae646c014f4e981e16a2b2",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/c9d48ce163305595ae20aee27774192476d5e6a5",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/da7c622cddd4fe36be69ca61e8c42e43cde94784",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/06759ebaf75c19c87b2453a5e130e9e61e9b5d65",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/10452edd175fcc4fd0f5ac782ed2a002e3e5d65c",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/84b38f48836662c4bfae646c014f4e981e16a2b2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/c9d48ce163305595ae20aee27774192476d5e6a5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://git.kernel.org/stable/c/da7c622cddd4fe36be69ca61e8c42e43cde94784",
      },
   ],
   sourceIdentifier: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.