Lucene search
Ubuntu.comUB:CVE-2024-36016HistoryMay 29, 2024 - 12:00 a.m.
CVE-2024-36016
2024-05-2900:00:00
ubuntu.com
ubuntu.com
4
linux kernel
n_gsm
vulnerability
fix
out-of-bounds
advanced option mode
memory corruption
exploit
In the Linux kernel, the following vulnerability has been resolved:
tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
Assuming the following:
- side A configures the n_gsm in basic option mode
- side B sends the header of a basic option mode frame with data length 1
- side A switches to advanced option mode
- side B sends 2 data bytes which exceeds gsm->len
Reason: gsm->len is not used in advanced option mode. - side A switches to basic option mode
- side B keeps sending until gsm0_receive() writes past gsm->buf
Reason: Neither gsm->state nor gsm->len have been reset after
reconfiguration.
Fix this by changing gsm->count to gsm->len comparison from equal to less
than. Also add upper limit checks against the constant MAX_MRU in
gsm0_receive() and gsm1_receive() to harden against memory corruption of
gsm->len and gsm->mru.
All other checks remain as we still need to limit the data according to the
user configuration and actual payload size.
Notes
| Author | Note |
|---|---|
| Priority reason: Public exploit available. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
References
git.kernel.org/linus/47388e807f85948eefc403a8a5fdc5b406a65d5a (6.10-rc1)
git.kernel.org/stable/c/47388e807f85948eefc403a8a5fdc5b406a65d5a
launchpad.net/bugs/cve/CVE-2024-36016
nvd.nist.gov/vuln/detail/CVE-2024-36016
security-tracker.debian.org/tracker/CVE-2024-36016
www.cve.org/CVERecord?id=CVE-2024-36016
Related
vulnrichment
vulnrichment
CVE-2024-36016 tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
2024-05-29 18:46:34
nvd
nvd
CVE-2024-36016
2024-05-29 19:15:48
redhatcve
redhatcve
CVE-2024-36016
2024-05-30 07:33:21
cve
cve
CVE-2024-36016
2024-05-29 19:15:48
cvelist
cvelist
CVE-2024-36016 tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
2024-05-29 18:46:34
debiancve
debiancve
CVE-2024-36016
2024-05-29 19:15:48
osv
osv
linux - security update
2024-06-25 00:00:00
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2135-1)
2024-06-22 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2008-1)
2024-06-13 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)
2024-06-14 00:00:00