CVE-2024-36931: s390/cio: Ensure the copied buf is NUL terminated
First published: Thu May 30 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: s390/cio: Ensure the copied buf is NUL terminated Currently, we allocate a lbuf-sized kernel buffer and copy lbuf from userspace to that buffer. Later, we use scanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using scanf. Fix this issue by using memdup_user_nul instead.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=5.13<5.15.159 | |
| Linux Kernel | >=5.16<6.1.91 | |
| Linux Kernel | >=6.2<6.6.31 | |
| Linux Kernel | >=6.7<6.8.10 | |
| Linux Kernel | =6.9-rc1 | |
| Linux Kernel | =6.9-rc2 | |
| Linux Kernel | =6.9-rc3 | |
| Linux Kernel | =6.9-rc4 | |
| Linux Kernel | =6.9-rc5 | |
| Linux Kernel | =6.9-rc6 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/06759ebaf75c19c87b2453a5e130e9e61e9b5d65
- https://git.kernel.org/stable/c/10452edd175fcc4fd0f5ac782ed2a002e3e5d65c
- https://git.kernel.org/stable/c/84b38f48836662c4bfae646c014f4e981e16a2b2
- https://git.kernel.org/stable/c/c9d48ce163305595ae20aee27774192476d5e6a5
- https://git.kernel.org/stable/c/da7c622cddd4fe36be69ca61e8c42e43cde94784
- https://launchpad.net/bugs/cve/CVE-2024-36931
- https://git.kernel.org/linus/da7c622cddd4fe36be69ca61e8c42e43cde94784
- https://security-tracker.debian.org/tracker/CVE-2024-36931
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36931
- https://nvd.nist.gov/vuln/detail/CVE-2024-36931
- https://ubuntu.com/security/CVE-2024-36931
Frequently Asked Questions
What is the severity of CVE-2024-36931?
CVE-2024-36931 has been classified with a moderate severity level due to potential information leakage.
How do I fix CVE-2024-36931?
To resolve CVE-2024-36931, update the Linux kernel to version 5.10.223-1, 5.10.226-1, 6.1.123-1, or later versions.
Which Linux kernel versions are impacted by CVE-2024-36931?
CVE-2024-36931 affects various Linux kernel versions from 5.13 to versions below 6.1.91.
Is there a specific patch for CVE-2024-36931?
Yes, patches for CVE-2024-36931 are included in the kernel updates for the specified safe versions.
What is the nature of the vulnerability in CVE-2024-36931?
CVE-2024-36931 involves a failure to ensure that a copied buffer is NUL terminated, potentially leading to unexpected behavior when using string functions.
- agent/title
- agent/type
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/launchpad-cve
- source/Launchpad
- agent/first-publish-date
- agent/author
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/remedy
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/source
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- agent/tags
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.13
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.9-rc1
- version/linux kernel/6.9-rc2
- version/linux kernel/6.9-rc3
- version/linux kernel/6.9-rc4
- version/linux kernel/6.9-rc5
- version/linux kernel/6.9-rc6
- package-manager/debian