In the Linux kernel, the following vulnerability has been resolved: s390/cio: Ensure the copied buf is NUL terminated Currently, we allocate a lbuf-sized kernel buffer and copy lbuf from userspace to that buffer. Later, we use scanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using scanf. Fix this issue by using memdup_user_nul instead.
History

Thu, 26 Sep 2024 02:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-170
Metrics cvssV3_1

{'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H'}

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-30T15:29:22.601Z

Updated: 2024-12-19T09:02:20.724Z

Reserved: 2024-05-30T15:25:07.071Z

Link: CVE-2024-36931

cve-icon Vulnrichment

Updated: 2024-06-05T18:21:29.890Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-30T16:15:16.293

Modified: 2024-11-21T09:22:50.793

Link: CVE-2024-36931

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-05-30T00:00:00Z

Links: CVE-2024-36931 - Bugzilla