CVE-2024-27401

Summary

In the Linux kernel, the following vulnerability has been resolved:

firewire: nosy: ensure user_length is taken into account when fetching packet contents

Ensure that packet_buffer_get respects the user_length provided. If the length of the head packet exceeds the user_length, packet_buffer_get will now return 0 to signify to the user that no data were read and a larger buffer size is required. Helps prevent user space overflows.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux286468210d83ce0ca1e37e346ed9f4457a161650 < 67f34f093c0f7bf33f5b4ae64d3d695a3b978285affected
LinuxLinux286468210d83ce0ca1e37e346ed9f4457a161650 < 7b8c7bd2296e95b38a6ff346242356a2e7190239affected
LinuxLinux286468210d83ce0ca1e37e346ed9f4457a161650 < cca330c59c54207567a648357835f59df9a286bbaffected
LinuxLinux286468210d83ce0ca1e37e346ed9f4457a161650 < 79f988d3ffc1aa778fc5181bdfab312e57956c6baffected
LinuxLinux286468210d83ce0ca1e37e346ed9f4457a161650 < 4ee0941da10e8fdcdb34756b877efd3282594c1faffected
LinuxLinux286468210d83ce0ca1e37e346ed9f4457a161650 < 1fe60ee709436550f8cfbab01295936b868d5baaaffected
LinuxLinux286468210d83ce0ca1e37e346ed9f4457a161650 < 539d51ac48bcfcfa1b3d4a85f8df92fa22c1d41caffected
LinuxLinux286468210d83ce0ca1e37e346ed9f4457a161650 < 38762a0763c10c24a4915feee722d7aa6e73eb98affected
LinuxLinux2.6.36affected
LinuxLinux0 < 2.6.36unaffected
LinuxLinux4.19.314 <= 4.19.*unaffected
LinuxLinux5.4.276 <= 5.4.*unaffected
LinuxLinux5.10.217 <= 5.10.*unaffected
LinuxLinux5.15.159 <= 5.15.*unaffected
LinuxLinux6.1.91 <= 6.1.*unaffected
LinuxLinux6.6.31 <= 6.6.*unaffected
LinuxLinux6.8.10 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References