CVE-2024-36957

MEDIUM

Linux Kernel - Off-by-One Read in octeontx2-af Userspace Buffer Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: avoid off-by-one read from userspace We try to access count + 1 byte from userspace with memdup_user(buffer, count + 1). However, the userspace only provides buffer of count bytes and only these count bytes are verified to be okay to access. To ensure the copied buffer is NUL terminated, we use memdup_user_nul instead.

References (7)

Core 7

Core References

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html

Patch

https://git.kernel.org/stable/c/bcdac70adceb44373da204c3c297f2a98e13216e

Patch

https://git.kernel.org/stable/c/ec697fbd38cbe2eef0948b58673b146caa95402f

Patch

https://git.kernel.org/stable/c/8f11fe3ea3fc261640cfc8a5addd838000407c67

Patch

https://git.kernel.org/stable/c/0a0285cee11c7dcc2657bcd456e469958a5009e7

Patch

https://git.kernel.org/stable/c/fc3e0076c1f82fe981d321e3a7bad4cbee542c19

Patch

https://git.kernel.org/stable/c/f299ee709fb45036454ca11e90cb2810fe771878

Scores

CVSS v3 5.5

EPSS 0.0024

EPSS Percentile 14.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-193

Status published

Products (25)

debian/debian_linux 10.0

linux/Kernel < 5.10.217linux

linux/Kernel 5.11.0 - 5.15.159linux

linux/Kernel 5.12.0 - 6.1.91linux

linux/Kernel 5.16.0 - 6.6.31linux

linux/Kernel 6.2.0 - 6.8.10linux

Linux/Linux < 5.12

Linux/Linux 3a2eb515d1367c0f667b76089a6e727279c688b8 - 0a0285cee11c7dcc2657bcd456e469958a5009e7

Linux/Linux 3a2eb515d1367c0f667b76089a6e727279c688b8 - 8f11fe3ea3fc261640cfc8a5addd838000407c67

Linux/Linux 3a2eb515d1367c0f667b76089a6e727279c688b8 - ec697fbd38cbe2eef0948b58673b146caa95402f

... and 15 more

Published May 30, 2024

Tracked Since Feb 18, 2026