CVE-2024-39480Classic Buffer Overflow in Linux

CWE-120Classic Buffer OverflowCWE-121Stack-based Buffer Overflow48 documents7 sources
Severity
7.8HIGHNVD
OSV5.5
EPSS
0.0%
top 94.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
LinuxLinux KernelDebian Linux+8 more
Timeline
PublishedJul 5
Latest updateOct 17

Description

In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion with the Tab key, kdb will use strncpy() to insert the completed symbol into the command buffer. Unfortunately it passes the size of the source buffer rather than the destination to strncpy() with predictably horrible results. Most obviously if the command buffer is already full but cp, the cursor position, is in the middle of the

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages13 packages

NVDlinux/linux_kernel4.194.19.316+6
Debianlinux/linux_kernel< 5.10.221-1+3
Ubuntulinux/linux_kernel< 5.4.0-192.212+3

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

23
OSV
linux-azure vulnerabilities2024-10-17
OSV
linux-azure-fde-5.15 vulnerabilities2024-09-25
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities2024-09-23
OSV
linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities2024-09-23
OSV
linux-hwe-6.82024-09-23

📋Vendor Advisories

24
Ubuntu
Linux kernel (Azure) vulnerabilities2024-10-17
Ubuntu
Linux kernel vulnerabilities2024-09-25
Ubuntu
Linux kernel vulnerabilities2024-09-23
Ubuntu
Linux kernel vulnerabilities2024-09-23
Ubuntu
Linux kernel vulnerabilities2024-09-23