CVE-2024-35823Classic Buffer Overflow in Linux

CWE-120Classic Buffer Overflow33 documents8 sources
Severity
5.3MEDIUMNVD
OSV7.0OSV5.5
EPSS
0.3%
top 49.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
LinuxLinux KernelDebian Linux+5 more
Timeline
PublishedMay 17
Latest updateSep 18

Description

In the Linux kernel, the following vulnerability has been resolved: vt: fix unicode buffer corruption when deleting characters This is the same issue that was fixed for the VGA text buffer in commit 39cdb68c64d8 ("vt: fix memory overlapping when deleting chars in the buffer"). The cure is also the same i.e. replace memcpy() with memmove() due to the overlaping buffers.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages9 packages

NVDlinux/linux_kernel3.74.19.312+7
Debianlinux/linux_kernel< 5.10.216-1+3
Ubuntulinux/linux_kernel< 5.4.0-189.209+1
CVEListV5linux/linux81732c3b2fede049a692e58a7ceabb6d18ffb18cfc7dfe3d123f00e720be80b920da287810a1f37d+8
debiandebian/linux< linux 6.1.85-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

15
OSV
linux-xilinx-zynqmp vulnerabilities2024-09-18
OSV
linux-gcp-5.15 vulnerabilities2024-07-30
OSV
linux-raspi vulnerabilities2024-07-26
OSV
linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15 vulnerabilities2024-07-26
OSV
linux-aws-5.15 vulnerabilities2024-07-23

📋Vendor Advisories

16
Ubuntu
Linux kernel vulnerabilities2024-09-18
Ubuntu
Linux kernel vulnerabilities2024-07-30
Ubuntu
Linux kernel vulnerabilities2024-07-26
Ubuntu
Linux kernel vulnerabilities2024-07-26
Ubuntu
Linux kernel vulnerabilities2024-07-23

💬Community

1
Bugzilla
CVE-2024-35823 kernel: vt: fix unicode buffer corruption when deleting characters2024-05-17