CVE-2024-50131

In the Linux kernel, the following vulnerability has been resolved:

tracing: Consider the NULL character when validating the event length

strlen() returns a string length excluding the null byte. If the string length equals the maximum buffer length, the buffer will have no space for the NULL terminating character.

This commit checks this condition and returns failure for it.
Configurations

Configuration 1

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*

History

08 Nov 2024, 16:15

Type | Values Removed | Values Added
References | | https://git.kernel.org/stable/c/02874ca52df2ca2423ba6122039315ed61c25972
References | | https://git.kernel.org/stable/c/5e3231b352725ff4a3a0095e6035af674f2d8725

07 Nov 2024, 21:48

Type | Values Removed | Values Added
References | https://git.kernel.org/stable/c/0b6e2e22cb23105fcb171ab92f0f7516c69c8471 | https://git.kernel.org/stable/c/0b6e2e22cb23105fcb171ab92f0f7516c69c8471 - Patch
References | https://git.kernel.org/stable/c/5fd942598ddeed9a212d1ff41f9f5b47bcc990a7 | https://git.kernel.org/stable/c/5fd942598ddeed9a212d1ff41f9f5b47bcc990a7 - Patch
References | https://git.kernel.org/stable/c/a14a075a14af8d622c576145455702591bdde09d | https://git.kernel.org/stable/c/a14a075a14af8d622c576145455702591bdde09d - Patch
References | https://git.kernel.org/stable/c/b86b0d6eea204116e4185acc35041ca4ff11a642 | https://git.kernel.org/stable/c/b86b0d6eea204116e4185acc35041ca4ff11a642 - Patch
References | https://git.kernel.org/stable/c/f4ed40d1c669bba1a54407d8182acdc405683f29 | https://git.kernel.org/stable/c/f4ed40d1c669bba1a54407d8182acdc405683f29 - Patch
CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 7.8
CWE | | CWE-120
First Time | | Linux linux Kernel; Linux
CPE | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*; cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*; cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*; cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*; cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*

06 Nov 2024, 18:17

Type | Values Removed | Values Added
Summary | | (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo: considerar el carácter NULL al validar la longitud del evento strlen() devuelve una longitud de cadena que excluye el byte nulo. Si la longitud de la cadena es igual a la longitud máxima del búfer, el búfer no tendrá espacio para el carácter de terminación NULL. Esta confirmación verifica esta condición y devuelve un error.

05 Nov 2024, 18:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-11-05 18:15

Updated : 2024-11-08 16:15


NVD link : CVE-2024-50131

Mitre link : CVE-2024-50131

CVE.ORG link : CVE-2024-50131



Products Affected

linux

  • linux_kernel
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')