CVE-2024-38585

Summary

In the Linux kernel, the following vulnerability has been resolved:

tools/nolibc/stdlib: fix memory error in realloc()

Pass user_p_len to memcpy() instead of heap->len to prevent realloc() from copying an extra sizeof(heap) bytes from beyond the allocated region.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0e0ff638400be8f497a35b51a4751fd823f6bd6a < 5996b2b2dac739f2a27da13de8eee5b85b2550b3affected
LinuxLinux0e0ff638400be8f497a35b51a4751fd823f6bd6a < f678c3c336559cf3255a32153e9a17c1be4e7c15affected
LinuxLinux0e0ff638400be8f497a35b51a4751fd823f6bd6a < 8019d3dd921f39a237a9fab6d2ce716bfac0f983affected
LinuxLinux0e0ff638400be8f497a35b51a4751fd823f6bd6a < 4e6f225aefeb712cdb870176b6621f02cf235b8caffected
LinuxLinux0e0ff638400be8f497a35b51a4751fd823f6bd6a < 791f4641142e2aced85de082e5783b4fb0b977c2affected
LinuxLinux5.19affected
LinuxLinux0 < 5.19unaffected
LinuxLinux6.1.93 <= 6.1.*unaffected
LinuxLinux6.6.33 <= 6.6.*unaffected
LinuxLinux6.8.12 <= 6.8.*unaffected
LinuxLinux6.9.3 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References