CVE-2024-26889Classic Buffer Overflow in Linux

CWE-120Classic Buffer OverflowCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer56 documents7 sources
Severity
5.5MEDIUMNVD
OSV7.0OSV6.5
EPSS
0.0%
top 98.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedApr 17
Latest updateAug 2

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix possible buffer overflow struct hci_dev_info has a fixed size name[8] field so in the event that hdev->name is bigger than that strcpy would attempt to write past its size, so this fixes this problem by switching to use strscpy.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel4.14.3284.15+8
Debianlinux/linux_kernel< 5.10.216-1+3
Ubuntulinux/linux_kernel< 5.4.0-189.209+2
CVEListV5linux/linux194ab82c1ea187512ff2f822124bd05b63fc9f766d5a9d4a7bcbb7534ce45a18a52e7bd23e69d8ac+11
debiandebian/linux< linux 6.1.85-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

27
OSV
linux-oem-6.5 vulnerabilities2024-08-02
OSV
linux-raspi vulnerabilities2024-07-26
OSV
linux-aws, linux-aws-5.4, linux-iot vulnerabilities2024-07-23
OSV
linux-raspi, linux-raspi-5.4 vulnerabilities2024-07-19
OSV
linux-aws-6.5, linux-lowlatency-hwe-6.5, linux-oracle-6.5, linux-starfive-6.5 vulnerabilities2024-07-19

📋Vendor Advisories

27
Ubuntu
Linux kernel vulnerabilities2024-08-02
Ubuntu
Linux kernel vulnerabilities2024-07-26
Ubuntu
Linux kernel vulnerabilities2024-07-23
Ubuntu
Linux kernel vulnerabilities2024-07-19
Ubuntu
Linux kernel vulnerabilities2024-07-19

💬Community

1
Bugzilla
CVE-2024-26889 kernel: Bluetooth: hci_core: Fix possible buffer overflow2024-04-17