CVE-2024-42236

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Userspace provided string 's' could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form `if (str[0 - 1] == '\n') followed closely by an OOB write in the form `str[0 - 1] = '\0'`. There is already a validating check to catch strings that are too long. Let's supply an additional check for invalid strings that are too short.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

08 Aug 2024, 14:54

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: gadget: configfs: Evitar lectura/escritura OOB en usb_string_copy() Las cadenas 's' proporcionadas por el espacio de usuario podrían tener trivialmente una longitud cero. Si no se marca, esto dará como resultado en primer lugar una lectura OOB en el formato `if (str[0 - 1] == '\n') seguida de cerca por una escritura OOB en el formato `str[0 - 1] = '\0' `. Ya existe una verificación de validación para detectar cadenas que son demasiado largas. Proporcionemos una verificación adicional para cadenas no válidas que sean demasiado cortas.
References () https://git.kernel.org/stable/c/2d16f63d8030903e5031853e79d731ee5d474e70 - () https://git.kernel.org/stable/c/2d16f63d8030903e5031853e79d731ee5d474e70 - Patch
References () https://git.kernel.org/stable/c/6d3c721e686ea6c59e18289b400cc95c76e927e0 - () https://git.kernel.org/stable/c/6d3c721e686ea6c59e18289b400cc95c76e927e0 - Patch
References () https://git.kernel.org/stable/c/72b8ee0d9826e8ed00e0bdfce3e46b98419b37ce - () https://git.kernel.org/stable/c/72b8ee0d9826e8ed00e0bdfce3e46b98419b37ce - Patch
References () https://git.kernel.org/stable/c/a444c3fc264119801575ab086e03fb4952f23fd0 - () https://git.kernel.org/stable/c/a444c3fc264119801575ab086e03fb4952f23fd0 - Patch
References () https://git.kernel.org/stable/c/c95fbdde87e39e5e0ae27f28bf6711edfb985caa - () https://git.kernel.org/stable/c/c95fbdde87e39e5e0ae27f28bf6711edfb985caa - Patch
References () https://git.kernel.org/stable/c/d1205033e912f9332c1dbefa812e6ceb0575ce0a - () https://git.kernel.org/stable/c/d1205033e912f9332c1dbefa812e6ceb0575ce0a - Patch
References () https://git.kernel.org/stable/c/e8474a10c535e6a2024c3b06e37e4a3a23beb490 - () https://git.kernel.org/stable/c/e8474a10c535e6a2024c3b06e37e4a3a23beb490 - Patch
References () https://git.kernel.org/stable/c/eecfefad0953b2f31aaefa058f7f348ff39c4bba - () https://git.kernel.org/stable/c/eecfefad0953b2f31aaefa058f7f348ff39c4bba - Patch
CWE CWE-787
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
First Time Linux linux Kernel
Linux

07 Aug 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-07 16:15

Updated : 2024-08-08 14:54


NVD link : CVE-2024-42236

Mitre link : CVE-2024-42236

CVE.ORG link : CVE-2024-42236


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-787

Out-of-bounds Write