| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024053041-CVE-2024-36957-5919@gregkh> Date: Thu, 30 May 2024 17:35:54 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace Description =========== In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: avoid off-by-one read from userspace We try to access count + 1 byte from userspace with memdup_user(buffer, count + 1). However, the userspace only provides buffer of count bytes and only these count bytes are verified to be okay to access. To ensure the copied buffer is NUL terminated, we use memdup_user_nul instead. The Linux kernel CVE team has assigned CVE-2024-36957 to this issue. Affected and fixed versions =========================== Issue introduced in 5.10.20 with commit dae49384d0d7 and fixed in 5.10.217 with commit bcdac70adceb Issue introduced in 5.12 with commit 3a2eb515d136 and fixed in 5.15.159 with commit ec697fbd38cb Issue introduced in 5.12 with commit 3a2eb515d136 and fixed in 6.1.91 with commit 8f11fe3ea3fc Issue introduced in 5.12 with commit 3a2eb515d136 and fixed in 6.6.31 with commit 0a0285cee11c Issue introduced in 5.12 with commit 3a2eb515d136 and fixed in 6.8.10 with commit fc3e0076c1f8 Issue introduced in 5.12 with commit 3a2eb515d136 and fixed in 6.9 with commit f299ee709fb4 Issue introduced in 5.11.3 with commit c9a2ed3fdd03 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-36957 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/bcdac70adceb44373da204c3c297f2a98e13216e https://git.kernel.org/stable/c/ec697fbd38cbe2eef0948b58673b146caa95402f https://git.kernel.org/stable/c/8f11fe3ea3fc261640cfc8a5addd838000407c67 https://git.kernel.org/stable/c/0a0285cee11c7dcc2657bcd456e469958a5009e7 https://git.kernel.org/stable/c/fc3e0076c1f82fe981d321e3a7bad4cbee542c19 https://git.kernel.org/stable/c/f299ee709fb45036454ca11e90cb2810fe771878
Powered by blists - more mailing lists