Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-38559HistoryJun 19, 2024 - 2:15 p.m.
CVE-2024-38559
2024-06-1914:15:16
Debian Security Bug Tracker
security-tracker.debian.org
1
scsi driver
nul termination
cve-2024-38559
unix
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don’t ensure that the string is terminated inside the buffer, this can lead to OOB read when using kstrtouint. Fix this issue by using memdup_user_nul instead of memdup_user.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | linux | <= 6.1.76-1 | linux_6.1.76-1_all.deb |
| Debian | 11 | all | linux | <= 5.10.209-2 | linux_5.10.209-2_all.deb |
| Debian | 10 | all | linux | < 4.19.316-1 | linux_4.19.316-1_all.deb |
| Debian | 999 | all | linux | < 6.8.12-1 | linux_6.8.12-1_all.deb |
| Debian | 13 | all | linux | < 6.8.12-1 | linux_6.8.12-1_all.deb |
Related
redhatcve
redhatcve
CVE-2024-38559
2024-06-20 17:33:58
nvd
nvd
CVE-2024-38559
2024-06-19 14:15:16
vulnrichment
vulnrichment
CVE-2024-38559 scsi: qedf: Ensure the copied buf is NUL terminated
2024-06-19 13:35:28
cve
cve
CVE-2024-38559
2024-06-19 14:15:16
ubuntucve
ubuntucve
CVE-2024-38559
2024-06-20 00:00:00
cvelist
cvelist
CVE-2024-38559 scsi: qedf: Ensure the copied buf is NUL terminated
2024-06-19 13:35:28
osv
osv
linux - security update
2024-06-25 00:00:00
nessus
nessus
Debian dla-3840 : hyperv-daemons - security update
2024-06-27 00:00:00