CVE-2024-50074 — Out-of-bounds Read in Linux
Severity
7.8 HIGH (NVD)
EPSS
0.0%
top 94.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 29
Latest update: May 28
Description
In the Linux kernel, the following vulnerability has been resolved:
parport: Proper fix for array out-of-bounds access
The recent fix for array out-of-bounds accesses replaced sprintf()
calls blindly with snprintf(). However, since snprintf() returns the
would-be-printed size, not the actually output size, the length
calculation can still go over the given limit.
Use scnprintf() instead of snprintf(), which returns the actually
output letters, for addressing the potential out-of-bounds access…
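The return-value difference described above, as an added userspace example (not the kernel patch or code from this page). scn_printf() is a stand-in written here to mimic the kernel scnprintf() contract; the function names, the 16-byte buffer and the sample names are assumptions constructed for the demonstration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Userspace stand-in (assumption) with the kernel scnprintf() contract:
 * returns the characters actually stored, excluding the NUL; 0 if size is 0. */
static int scn_printf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0)
        return 0;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0)
        return 0;
    return (size_t)n >= size ? (int)(size - 1) : n;
}

/* Constructed sample input: the second name does not fit in a 16-byte buffer. */
static const char *const sample_names[] = { "parport0", "a-long-constructed-device-name" };

/* Accumulates snprintf() return values. The loop stops once len >= size so
 * the demo never passes a wrapped size - len, but len itself is already wrong. */
static size_t join_snprintf(char *buf, size_t size, const char *const *names, size_t n)
{
    size_t len = 0;
    for (size_t i = 0; i < n && len < size; i++)
        len += (size_t)snprintf(buf + len, size - len, "%s\n", names[i]);
    return len; /* would-be length: can exceed size */
}

/* Same loop with scnprintf() semantics: len never exceeds size - 1. */
static size_t join_scnprintf(char *buf, size_t size, const char *const *names, size_t n)
{
    size_t len = 0;
    for (size_t i = 0; i < n; i++)
        len += (size_t)scn_printf(buf + len, size - len, "%s\n", names[i]);
    return len;
}

int main(void)
{
    char buf[16];
    printf("snprintf len=%zu of %zu\n", join_snprintf(buf, sizeof buf, sample_names, 2), sizeof buf);
    printf("scnprintf len=%zu of %zu\n", join_scnprintf(buf, sizeof buf, sample_names, 2), sizeof buf);
    return 0;
}
```

With snprintf() the accumulated length overshoots the buffer size, so any later use of it as an index or byte count goes past the array; with scnprintf() semantics it stays within the buffer.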
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Affected Packages: 3 packages
CVEListV5: linux/linux, 166a0bddcc27de41fe13f861c8348e8e53e988c8 — 8aadef73ba3b325704ed5cfc4696a25c350182cf (+9)
Also affects: Enterprise Linux 8.0, 9.0
Patches
Vulnerability Details
GHSA: GHSA-8cgr-vwjm-54q7 (2024-10-29)
OSV: CVE-2024-50074 (2024-10-29)