| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024061953-CVE-2024-38559-3e03@gregkh> Date: Wed, 19 Jun 2024 15:36:08 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated Description =========== In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using kstrtouint. Fix this issue by using memdup_user_nul instead of memdup_user. The Linux kernel CVE team has assigned CVE-2024-38559 to this issue. Affected and fixed versions =========================== Issue introduced in 4.11 with commit 61d8658b4a43 and fixed in 4.19.316 with commit 1f84a2744ad8 Issue introduced in 4.11 with commit 61d8658b4a43 and fixed in 5.4.278 with commit a75001678e1d Issue introduced in 4.11 with commit 61d8658b4a43 and fixed in 5.10.219 with commit 769b9fd2af02 Issue introduced in 4.11 with commit 61d8658b4a43 and fixed in 5.15.161 with commit dccd97b39ab2 Issue introduced in 4.11 with commit 61d8658b4a43 and fixed in 6.1.93 with commit d93318f19d1e Issue introduced in 4.11 with commit 61d8658b4a43 and fixed in 6.6.33 with commit 563e60927592 Issue introduced in 4.11 with commit 61d8658b4a43 and fixed in 6.8.12 with commit 4907f5ad246f Issue introduced in 4.11 with commit 61d8658b4a43 and fixed in 6.9.3 with commit 177f43c6892e Issue introduced in 4.11 with commit 61d8658b4a43 and fixed in 6.10-rc1 with commit d0184a375ee7 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-38559 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/scsi/qedf/qedf_debugfs.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/1f84a2744ad813be23fc4be99fb74bfb24aadb95 https://git.kernel.org/stable/c/a75001678e1d38aa607d5b898ec7ff8ed0700d59 https://git.kernel.org/stable/c/769b9fd2af02c069451fe9108dba73355d9a021c https://git.kernel.org/stable/c/dccd97b39ab2f2b1b9a47a1394647a4d65815255 https://git.kernel.org/stable/c/d93318f19d1e1a6d5f04f5d965eaa9055bb7c613 https://git.kernel.org/stable/c/563e609275927c0b75fbfd0d90441543aa7b5e0d https://git.kernel.org/stable/c/4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8 https://git.kernel.org/stable/c/177f43c6892e6055de6541fe9391a8a3d1f95fc9 https://git.kernel.org/stable/c/d0184a375ee797eb657d74861ba0935b6e405c62
Powered by blists - more mailing lists