CVE-2024-26736

Summary

In the Linux kernel, the following vulnerability has been resolved:

afs: Increase buffer size in afs_update_volume_status()

The max length of volume->vid value is 20 characters. So increase idbuf[] size up to 24 to avoid overflow.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

[DH: Actually, it's 20 + NUL, so increase it to 24 and use snprintf()]

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd2ddc776a4581d900fc3bdc7803b403daae64d88 < 5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5affected
LinuxLinuxd2ddc776a4581d900fc3bdc7803b403daae64d88 < d9b5e2b7a8196850383c70d099bfd39e81ab6637affected
LinuxLinuxd2ddc776a4581d900fc3bdc7803b403daae64d88 < e56662160fc24d28cb75ac095cc6415ae1bda43eaffected
LinuxLinuxd2ddc776a4581d900fc3bdc7803b403daae64d88 < e8530b170e464017203e3b8c6c49af6e916aece1affected
LinuxLinuxd2ddc776a4581d900fc3bdc7803b403daae64d88 < 6e6065dd25b661420fac19c34282b6c626fcd35eaffected
LinuxLinuxd2ddc776a4581d900fc3bdc7803b403daae64d88 < d34a5e57632bb5ff825196ddd9a48ca403626dfaaffected
LinuxLinuxd2ddc776a4581d900fc3bdc7803b403daae64d88 < 6ea38e2aeb72349cad50e38899b0ba6fbcb2af3daffected
LinuxLinux4.15affected
LinuxLinux0 < 4.15unaffected
LinuxLinux5.4.270 <= 5.4.*unaffected
LinuxLinux5.10.211 <= 5.10.*unaffected
LinuxLinux5.15.150 <= 5.15.*unaffected
LinuxLinux6.1.80 <= 6.1.*unaffected
LinuxLinux6.6.19 <= 6.6.*unaffected
LinuxLinux6.7.7 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References