In the Linux kernel, the following vulnerability has been resolved:
tracing: Consider the NULL character when validating the event length
strlen() returns a string length excluding the null byte. If the string
length equals to the maximum buffer length, the buffer will have no
space for the NULL terminating character.
This commit checks this condition and returns failure for it.
References
Configurations
Configuration 1 (hide)
|
History
08 Nov 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2024, 21:48
Type | Values Removed | Values Added |
---|---|---|
References | () https://git.kernel.org/stable/c/0b6e2e22cb23105fcb171ab92f0f7516c69c8471 - Patch | |
References | () https://git.kernel.org/stable/c/5fd942598ddeed9a212d1ff41f9f5b47bcc990a7 - Patch | |
References | () https://git.kernel.org/stable/c/a14a075a14af8d622c576145455702591bdde09d - Patch | |
References | () https://git.kernel.org/stable/c/b86b0d6eea204116e4185acc35041ca4ff11a642 - Patch | |
References | () https://git.kernel.org/stable/c/f4ed40d1c669bba1a54407d8182acdc405683f29 - Patch | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CWE | CWE-120 | |
First Time |
Linux linux Kernel
Linux |
|
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* |
06 Nov 2024, 18:17
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
05 Nov 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-05 18:15
Updated : 2024-11-08 16:15
NVD link : CVE-2024-50131
Mitre link : CVE-2024-50131
CVE.ORG link : CVE-2024-50131
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')