CVE-2024-27401 — Linux vulnerability
24 documents8 sources
Severity
7.1HIGHNVD
EPSS
0.0%
top 99.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 14
Latest updateSep 18
Description
In the Linux kernel, the following vulnerability has been resolved:
firewire: nosy: ensure user_length is taken into account when fetching packet contents
Ensure that packet_buffer_get respects the user_length provided. If
the length of the head packet exceeds the user_length, packet_buffer_get
will now return 0 to signify to the user that no data were read
and a larger buffer size is required. Helps prevent user space overflows.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2
Affected Packages3 packages
▶CVEListV5linux/linux286468210d83ce0ca1e37e346ed9f4457a161650 — 67f34f093c0f7bf33f5b4ae64d3d695a3b978285+8
Also affects: Debian Linux 10.0, Fedora 39, 40
Patches
🔴Vulnerability Details
3OSV▶
CVE-2024-27401: In the Linux kernel, the following vulnerability has been resolved: firewire: nosy: ensure user_length is taken into account when fetching packet cont↗2024-05-14
GHSA▶
GHSA-wmmp-mchh-75gf: In the Linux kernel, the following vulnerability has been resolved:
firewire: nosy: ensure user_length is taken into account when fetching packet con↗2024-05-14
CVEList
▶
📋Vendor Advisories
19💬Community
1Bugzilla▶
CVE-2024-27401 kernel: firewire: nosy: ensure user_length is taken into account when fetching packet contents↗2024-05-14