CVE-2024-36935

Summary

In the Linux kernel, the following vulnerability has been resolved:

ice: ensure the copied buf is NUL terminated

Currently, we allocate a count-sized kernel buffer and copy count bytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf. Fix this issue by using memdup_user_nul instead of memdup_user.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux96a9a9341cdaea0c3bce4c134e04a2a42ae899ac < 5ff4de981983ed84f29b5d92b6550ec054e12a92affected
LinuxLinux96a9a9341cdaea0c3bce4c134e04a2a42ae899ac < 666854ea9cad844f75a068f32812a2d78004914aaffected
LinuxLinux6.8affected
LinuxLinux0 < 6.8unaffected
LinuxLinux6.8.10 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References