In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using kstrtouint. Fix this issue by using memdup_user_nul instead of memdup_user.
History

Fri, 01 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Tue, 24 Sep 2024 11:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8

Tue, 24 Sep 2024 06:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8::nfv

Wed, 18 Sep 2024 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_eus:9.2::nfv
Vendors & Products Redhat rhel Eus

Wed, 11 Sep 2024 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-06-19T13:35:28.888Z

Updated: 2024-12-19T09:04:32.412Z

Reserved: 2024-06-18T19:36:34.922Z

Link: CVE-2024-38559

cve-icon Vulnrichment

Updated: 2024-08-02T04:12:25.738Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-06-19T14:15:16.077

Modified: 2024-11-21T09:26:20.703

Link: CVE-2024-38559

cve-icon Redhat

Severity : Low

Publid Date: 2024-06-19T00:00:00Z

Links: CVE-2024-38559 - Bugzilla