CVE-2024-26736
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
afs: Increase buffer size in afs_update_volume_status()
The max length of volume->vid value is 20 characters. So increase idbuf[] size up to 24 to avoid overflow.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
[DH: Actually, it's 20 + NUL, so increase it to 24 and use snprintf()]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | d2ddc776a4581d900fc3bdc7803b403daae64d88 < 5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5 | affected |
| Linux | Linux | d2ddc776a4581d900fc3bdc7803b403daae64d88 < d9b5e2b7a8196850383c70d099bfd39e81ab6637 | affected |
| Linux | Linux | d2ddc776a4581d900fc3bdc7803b403daae64d88 < e56662160fc24d28cb75ac095cc6415ae1bda43e | affected |
| Linux | Linux | d2ddc776a4581d900fc3bdc7803b403daae64d88 < e8530b170e464017203e3b8c6c49af6e916aece1 | affected |
| Linux | Linux | d2ddc776a4581d900fc3bdc7803b403daae64d88 < 6e6065dd25b661420fac19c34282b6c626fcd35e | affected |
| Linux | Linux | d2ddc776a4581d900fc3bdc7803b403daae64d88 < d34a5e57632bb5ff825196ddd9a48ca403626dfa | affected |
| Linux | Linux | d2ddc776a4581d900fc3bdc7803b403daae64d88 < 6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d | affected |
| Linux | Linux | 4.15 | affected |
| Linux | Linux | 0 < 4.15 | unaffected |
| Linux | Linux | 5.4.270 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.211 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.150 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.80 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.19 <= 6.6.* | unaffected |
| Linux | Linux | 6.7.7 <= 6.7.* | unaffected |
| Linux | Linux | 6.8 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5
- https://git.kernel.org/stable/c/d9b5e2b7a8196850383c70d099bfd39e81ab6637
- https://git.kernel.org/stable/c/e56662160fc24d28cb75ac095cc6415ae1bda43e
- https://git.kernel.org/stable/c/e8530b170e464017203e3b8c6c49af6e916aece1
- https://git.kernel.org/stable/c/6e6065dd25b661420fac19c34282b6c626fcd35e
- https://git.kernel.org/stable/c/d34a5e57632bb5ff825196ddd9a48ca403626dfa
- https://git.kernel.org/stable/c/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
References
- https://git.kernel.org/stable/c/5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5
- https://git.kernel.org/stable/c/d9b5e2b7a8196850383c70d099bfd39e81ab6637
- https://git.kernel.org/stable/c/e56662160fc24d28cb75ac095cc6415ae1bda43e
- https://git.kernel.org/stable/c/e8530b170e464017203e3b8c6c49af6e916aece1
- https://git.kernel.org/stable/c/6e6065dd25b661420fac19c34282b6c626fcd35e
- https://git.kernel.org/stable/c/d34a5e57632bb5ff825196ddd9a48ca403626dfa
- https://git.kernel.org/stable/c/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.