CVE-2024-42257

In the Linux kernel, the following vulnerability has been resolved: ext4: use memtostr_pad() for s_volume_name As with the other strings in struct ext4_super_block, s_volume_name is not NUL terminated. The other strings were marked in commit 072ebb3bffe6 ("ext4: add nonstring annotations to ext4.h"). Using strscpy() isn't the right replacement for strncpy(); it should use memtostr_pad() instead.
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

06 Sep 2024, 14:12

Type Values Removed Values Added
CWE NVD-CWE-Other
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
References () https://git.kernel.org/stable/c/4378be89ddb7de88d984b67ecfd6191686c42817 - () https://git.kernel.org/stable/c/4378be89ddb7de88d984b67ecfd6191686c42817 - Patch
References () https://git.kernel.org/stable/c/be27cd64461c45a6088a91a04eba5cd44e1767ef - () https://git.kernel.org/stable/c/be27cd64461c45a6088a91a04eba5cd44e1767ef - Patch
First Time Linux linux Kernel
Linux
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8

08 Aug 2024, 13:04

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ext4: use memtostr_pad() para s_volume_name Al igual que con las otras cadenas en la estructura ext4_super_block, s_volume_name no tiene terminación NUL. Las otras cadenas se marcaron en el commit 072ebb3bffe6 ("ext4: agregue anotaciones que no sean cadenas a ext4.h"). Usar strscpy() no es el reemplazo adecuado para strncpy(); debería usar memtostr_pad() en su lugar.

08 Aug 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-08 09:15

Updated : 2024-09-06 14:12


NVD link : CVE-2024-42257

Mitre link : CVE-2024-42257

CVE.ORG link : CVE-2024-42257


JSON object : View

Products Affected

linux

  • linux_kernel