CVE-2024-36935

HIGH

Linux Kernel 6.8-6.8.9 - Out-of-bounds Read in ICE Driver Buffer Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ice: ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count bytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf. Fix this issue by using memdup_user_nul instead of memdup_user.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/5ff4de981983ed84f29b5d92b6550ec054e12a92

Patch

https://git.kernel.org/stable/c/666854ea9cad844f75a068f32812a2d78004914a

Scores

CVSS v3 7.1

EPSS 0.0021

EPSS Percentile 11.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (9)

linux/Kernel 6.8.0 - 6.8.10linux

Linux/Linux < 6.8

Linux/Linux 6.8

Linux/Linux 6.8.10 - 6.8.*

Linux/Linux 6.9

Linux/Linux 96a9a9341cdaea0c3bce4c134e04a2a42ae899ac - 5ff4de981983ed84f29b5d92b6550ec054e12a92

Linux/Linux 96a9a9341cdaea0c3bce4c134e04a2a42ae899ac - 666854ea9cad844f75a068f32812a2d78004914a

linux/linux_kernel 6.9 rc1 (6 CPE variants)

linux/linux_kernel 6.8 - 6.8.10

Published May 30, 2024

Tracked Since Feb 18, 2026