CVE-2024-50131: tracing: Consider the NULL character when validating the event length
First published: Tue Nov 05 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen() returns a string length excluding the null byte. If the string length equals to the maximum buffer length, the buffer will have no space for the NULL terminating character. This commit checks this condition and returns failure for it.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=5.1<5.15.170 | |
| Linux Kernel | >=5.16<6.1.115 | |
| Linux Kernel | >=6.2<6.6.59 | |
| Linux Kernel | >=6.7<6.11.6 | |
| Linux Kernel | =6.12-rc1 | |
| Linux Kernel | =6.12-rc2 | |
| Linux Kernel | =6.12-rc3 | |
| Linux Kernel | =6.12-rc4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/b86b0d6eea204116e4185acc35041ca4ff11a642
- https://git.kernel.org/stable/c/f4ed40d1c669bba1a54407d8182acdc405683f29
- https://git.kernel.org/stable/c/a14a075a14af8d622c576145455702591bdde09d
- https://git.kernel.org/stable/c/5fd942598ddeed9a212d1ff41f9f5b47bcc990a7
- https://git.kernel.org/stable/c/0b6e2e22cb23105fcb171ab92f0f7516c69c8471
- https://git.kernel.org/stable/c/02874ca52df2ca2423ba6122039315ed61c25972
- https://git.kernel.org/stable/c/5e3231b352725ff4a3a0095e6035af674f2d8725
Frequently Asked Questions
What is the severity of CVE-2024-50131?
CVE-2024-50131 has a high severity rating due to its potential impact on system stability and security.
Which versions of the Linux kernel are affected by CVE-2024-50131?
CVE-2024-50131 affects multiple versions of the Linux kernel from 5.1 to 6.12-rc4.
How do I fix CVE-2024-50131?
To fix CVE-2024-50131, upgrade your Linux kernel to a version that is not affected, specifically higher than 6.12-rc4.
What is the exploitability of CVE-2024-50131?
CVE-2024-50131 is considered potentially exploitable, which could lead to unauthorized access or denial of service.
What are the symptoms of CVE-2024-50131 on affected systems?
Affected systems may experience unexpected behavior or crashes related to kernel tracing functions.
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/remedy
- agent/weakness
- agent/severity
- agent/softwarecombine
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.1
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.12-rc1
- version/linux kernel/6.12-rc2
- version/linux kernel/6.12-rc3
- version/linux kernel/6.12-rc4