CVE-2024-50259

Summary

In the Linux kernel, the following vulnerability has been resolved:

netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write()

This was found by a static analyzer. We should not forget the trailing zero after copy_from_user() if we will further do some string operations, sscanf() in this case. Adding a trailing zero will ensure that the function performs properly.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc6385c0b67c527b298111775bc89a7407ba1581e < c2150f666c6fc301d5d1643ed0f92251f1a0ff0daffected
LinuxLinuxc6385c0b67c527b298111775bc89a7407ba1581e < bcba86e03b3aac361ea671672cf48eed11f9011caffected
LinuxLinuxc6385c0b67c527b298111775bc89a7407ba1581e < 6a604877160fe5ab2e1985d5ce1ba6a61abe0693affected
LinuxLinuxc6385c0b67c527b298111775bc89a7407ba1581e < 27bd7a742e171362c9eb52ad5d1d71d3321f949faffected
LinuxLinuxc6385c0b67c527b298111775bc89a7407ba1581e < 4ce1f56a1eaced2523329bef800d004e30f2f76caffected
LinuxLinux5.13affected
LinuxLinux0 < 5.13unaffected
LinuxLinux5.15.171 <= 5.15.*unaffected
LinuxLinux6.1.116 <= 6.1.*unaffected
LinuxLinux6.6.60 <= 6.6.*unaffected
LinuxLinux6.11.7 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References