CVE-2024-38577Classic Buffer Overflow in Linux

CWE-120Classic Buffer Overflow25 documents7 sources
Severity
7.8HIGHNVD
OSV8.8OSV7.1OSV6.5
EPSS
0.0%
top 98.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
LinuxLinux KernelDebian Linux+8 more
Timeline
PublishedJun 19
Latest updateJan 9

Description

In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow There is a possibility of buffer overflow in show_rcu_tasks_trace_gp_kthread() if counters, passed to sprintf() are huge. Counter numbers, needed for this are unrealistically high, but buffer overflow is still possible. Use snprintf() with buffer size instead of sprintf(). Found by Linux Verification Center (linuxtesting.org) with SVACE.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages13 packages

NVDlinux/linux_kernel5.85.10.226+5
Debianlinux/linux_kernel< 5.10.226-1+3
Ubuntulinux/linux_kernel< 5.15.0-125.135+1

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

12
OSV
linux-azure-5.15 vulnerabilities2025-01-09
OSV
linux-intel-iotg, linux-intel-iotg-5.15 vulnerabilities2024-12-09
OSV
linux-azure vulnerabilities2024-11-20
OSV
linux-aws vulnerabilities2024-11-12
OSV
linux, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvi2024-11-11

📋Vendor Advisories

12
Ubuntu
Linux kernel (Azure) vulnerabilities2025-01-09
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2024-12-09
Ubuntu
Linux kernel (Azure) vulnerabilities2024-11-20
Ubuntu
Linux kernel vulnerabilities2024-11-12
Ubuntu
Linux kernel vulnerabilities2024-11-11