In the Linux kernel, the following vulnerability has been resolved: igb:
Fix string truncation warnings in igb_set_fw_version Commit 1978d3ead82c
(“intel: fix string truncation warnings”) fixes ‘-Wformat-truncation=’
warnings in igb_main.c by using kasprintf.
drivers/net/ethernet/intel/igb/igb_main.c:3092:53: warning:‘%d’ directive
output may be truncated writing between 1 and 5 bytes into a region of size
between 1 and 13 [-Wformat-truncation=] 3092 | “%d.%d, 0x%08x, %d.%d.%d”, |
^~ drivers/net/ethernet/intel/igb/igb_main.c:3092:34: note:directive
argument in the range [0, 65535] 3092 | “%d.%d, 0x%08x, %d.%d.%d”, |
^~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/ethernet/intel/igb/igb_main.c:3092:34: note:directive argument
in the range [0, 65535] drivers/net/ethernet/intel/igb/igb_main.c:3090:25:
note:‘snprintf’ output between 23 and 43 bytes into a destination of size
32 kasprintf() returns a pointer to dynamically allocated memory which can
be NULL upon failure. Fix this warning by using a larger space for
adapter->fw_version, and then fall back and continue to use snprintf.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/c56d055893cbe97848611855d1c97d0ab171eccc (6.8-rc5)
git.kernel.org/stable/c/c56d055893cbe97848611855d1c97d0ab171eccc
launchpad.net/bugs/cve/CVE-2024-36010
nvd.nist.gov/vuln/detail/CVE-2024-36010
security-tracker.debian.org/tracker/CVE-2024-36010
www.cve.org/CVERecord?id=CVE-2024-36010