CVE-2024-36934Out-of-bounds Write in Linux

CWE-787Out-of-bounds WriteCWE-125Out-of-bounds Read58 documents6 sources
Severity
7.8HIGHNVD
OSV6.5OSV5.5
EPSS
0.0%
top 98.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMay 30
Latest updateMay 13

Description

In the Linux kernel, the following vulnerability has been resolved: bna: ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf. Fix this issue by using memdup_user_nul instead of memdup_user.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

NVDlinux/linux_kernel3.34.19.314+7
Debianlinux/linux_kernel< 5.10.218-1+3
Ubuntulinux/linux_kernel< 5.4.0-192.212+4
CVEListV5linux/linux7afc5dbde09104b023ce04465ba71aaba0fc4346bd502ba81cd1d515deddad7dbc6b812b14b97147+8
debiandebian/linux< linux 6.1.94-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

28
OSV
linux-lts-xenial vulnerabilities2025-05-13
OSV
linux-fips vulnerabilities2025-05-12
OSV
linux-aws vulnerabilities2025-05-12
OSV
linux, linux-aws, linux-kvm vulnerabilities2025-05-12
OSV
linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities2025-05-07

📋Vendor Advisories

28
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities2025-05-13
Ubuntu
Linux kernel (FIPS) vulnerabilities2025-05-12
Ubuntu
Linux kernel vulnerabilities2025-05-12
Ubuntu
Linux kernel (AWS) vulnerabilities2025-05-12
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2025-05-07

💬Community

1
Bugzilla
CVE-2024-36934 kernel: bna: ensure the copied buf is NUL terminated2024-06-03