Lucene search
Redhat.comRH:CVE-2024-38559HistoryJun 20, 2024 - 5:33 p.m.
CVE-2024-38559
2024-06-2017:33:58
redhat.com
access.redhat.com
4
linux kernel vulnerability resolved
scsi driver
buffer overflow
user space buffer
out of bounds read
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don’t ensure that the string is terminated inside the buffer, this can lead to OOB read when using kstrtouint. Fix this issue by using memdup_user_nul instead of memdup_user.
Related
debiancve
debiancve
CVE-2024-38559
2024-06-19 14:15:16
nvd
nvd
CVE-2024-38559
2024-06-19 14:15:16
vulnrichment
vulnrichment
CVE-2024-38559 scsi: qedf: Ensure the copied buf is NUL terminated
2024-06-19 13:35:28
cve
cve
CVE-2024-38559
2024-06-19 14:15:16
ubuntucve
ubuntucve
CVE-2024-38559
2024-06-20 00:00:00
cvelist
cvelist
CVE-2024-38559 scsi: qedf: Ensure the copied buf is NUL terminated
2024-06-19 13:35:28
osv
osv
linux - security update
2024-06-25 00:00:00