CVE-2024-36957

Summary

In the Linux kernel, the following vulnerability has been resolved:

octeontx2-af: avoid off-by-one read from userspace

We try to access count + 1 byte from userspace with memdup_user(buffer, count + 1). However, the userspace only provides buffer of count bytes and only these count bytes are verified to be okay to access. To ensure the copied buffer is NUL terminated, we use memdup_user_nul instead.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxdae49384d0d7695540e2d75168f323cef1384810 < bcdac70adceb44373da204c3c297f2a98e13216eaffected
LinuxLinux3a2eb515d1367c0f667b76089a6e727279c688b8 < ec697fbd38cbe2eef0948b58673b146caa95402faffected
LinuxLinux3a2eb515d1367c0f667b76089a6e727279c688b8 < 8f11fe3ea3fc261640cfc8a5addd838000407c67affected
LinuxLinux3a2eb515d1367c0f667b76089a6e727279c688b8 < 0a0285cee11c7dcc2657bcd456e469958a5009e7affected
LinuxLinux3a2eb515d1367c0f667b76089a6e727279c688b8 < fc3e0076c1f82fe981d321e3a7bad4cbee542c19affected
LinuxLinux3a2eb515d1367c0f667b76089a6e727279c688b8 < f299ee709fb45036454ca11e90cb2810fe771878affected
LinuxLinuxc9a2ed3fdd037314a71e6a6ba5d99a3605f6f9c7affected
LinuxLinux5.10.20 < 5.10.217affected
LinuxLinux5.11.3 < 5.12affected
LinuxLinux5.12affected
LinuxLinux0 < 5.12unaffected
LinuxLinux5.10.217 <= 5.10.*unaffected
LinuxLinux5.15.159 <= 5.15.*unaffected
LinuxLinux6.1.91 <= 6.1.*unaffected
LinuxLinux6.6.31 <= 6.6.*unaffected
LinuxLinux6.8.10 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References