CVE-2024-43839

Summary

In the Linux kernel, the following vulnerability has been resolved:

bna: adjust 'name' buf size of bna_tcb and bna_ccb structures

To have enough space to write all possible sprintf() args. Currently 'name' size is 16, but the first '%s' specifier may already need at least 16 characters, since 'bnad->netdev->name' is used there.

For '%d' specifiers, assume that they require:

  • 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8
  • 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX is 16

And replace sprintf with snprintf.

Detected using the static analysis tool - Svace.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8b230ed8ec96c933047dd0625cf95f739e4939a6 < f121740f69eda4da2de9a20a6687a13593e72540affected
LinuxLinux8b230ed8ec96c933047dd0625cf95f739e4939a6 < c90b1cd7758fd4839909e838ae195d19f8065d76affected
LinuxLinux8b230ed8ec96c933047dd0625cf95f739e4939a6 < 6ce46045f9b90d952602e2c0b8886cfadf860bf1affected
LinuxLinux8b230ed8ec96c933047dd0625cf95f739e4939a6 < 6d20c4044ab4d0e6a99aa35853e66f0aed5589e3affected
LinuxLinux8b230ed8ec96c933047dd0625cf95f739e4939a6 < ab748dd10d8742561f2980fea08ffb4f0cacfdefaffected
LinuxLinux8b230ed8ec96c933047dd0625cf95f739e4939a6 < b0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43affected
LinuxLinux8b230ed8ec96c933047dd0625cf95f739e4939a6 < e0f48f51d55fb187400e9787192eda09fa200ff5affected
LinuxLinux8b230ed8ec96c933047dd0625cf95f739e4939a6 < c9741a03dc8e491e57b95fba0058ab46b7e506daaffected
LinuxLinux2.6.37affected
LinuxLinux0 < 2.6.37unaffected
LinuxLinux4.19.320 <= 4.19.*unaffected
LinuxLinux5.4.282 <= 5.4.*unaffected
LinuxLinux5.10.224 <= 5.10.*unaffected
LinuxLinux5.15.165 <= 5.15.*unaffected
LinuxLinux6.1.103 <= 6.1.*unaffected
LinuxLinux6.6.44 <= 6.6.*unaffected
LinuxLinux6.10.3 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References