CVE-2024-36935

HIGH

Linux Kernel < 6.8.10 - Out-of-Bounds Read

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: ice: ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count bytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf. Fix this issue by using memdup_user_nul instead of memdup_user.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/5ff4de981983ed84f29b5d92b6550ec054e12a92

Patch

https://git.kernel.org/stable/c/666854ea9cad844f75a068f32812a2d78004914a

Scores

CVSS v3 7.1

EPSS 0.0002

EPSS Percentile 4.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (3)

linux/Kernel 6.8.0 - 6.8.10linux

linux/linux_kernel 6.9 rc1 (6 CPE variants)

linux/linux_kernel 6.8 - 6.8.10

Published May 30, 2024

Tracked Since Feb 18, 2026