In the Linux kernel, the following vulnerability has been resolved:
s390/cio: Ensure the copied buf is NUL terminated
Currently, we allocate a lbuf-sized kernel buffer and copy lbuf from
userspace to that buffer. Later, we use scanf on this buffer but we don't
ensure that the string is terminated inside the buffer, this can lead to
OOB read when using scanf. Fix this issue by using memdup_user_nul instead.
Metrics
Affected Vendors & Products
References
History
Thu, 26 Sep 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-170 | |
Metrics |
cvssV3_1
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-05-30T15:29:22.601Z
Updated: 2024-12-19T09:02:20.724Z
Reserved: 2024-05-30T15:25:07.071Z
Link: CVE-2024-36931
Vulnrichment
Updated: 2024-06-05T18:21:29.890Z
NVD
Status : Awaiting Analysis
Published: 2024-05-30T16:15:16.293
Modified: 2024-11-21T09:22:50.793
Link: CVE-2024-36931
Redhat