cve-2024-50074
Vulnerability from cvelistv5
Published
2024-10-29 00:50
Modified
2024-12-19 09:32
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
parport: Proper fix for array out-of-bounds access
The recent fix for array out-of-bounds accesses replaced sprintf()
calls blindly with snprintf(). However, since snprintf() returns the
would-be-printed size, not the actually output size, the length
calculation can still go over the given limit.
Use scnprintf() instead of snprintf(), which returns the actually
output letters, for addressing the potential out-of-bounds access
properly.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 166a0bddcc27de41fe13f861c8348e8e53e988c8 Version: 47b3dce100778001cd76f7e9188944b5cb27a76d Version: a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0 Version: c719b393374d3763e64900ee19aaed767d5a08d6 Version: 7f4da759092a1a6ce35fb085182d02de8cc4cc84 Version: b579ea3516c371ecf59d073772bc45dfd28c8a0e Version: ab11dac93d2d568d151b1918d7b84c2d02bacbd5 Version: ab11dac93d2d568d151b1918d7b84c2d02bacbd5 |
||||
|
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/parport/procfs.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "8aadef73ba3b325704ed5cfc4696a25c350182cf", "status": "affected", "version": "166a0bddcc27de41fe13f861c8348e8e53e988c8", "versionType": "git" }, { "lessThan": "b0641e53e6cb937487b6cfb15772374f0ba149b3", "status": "affected", "version": "47b3dce100778001cd76f7e9188944b5cb27a76d", "versionType": "git" }, { "lessThan": "1826b6d69bbb7f9ae8711827facbb2ad7f8d0aaa", "status": "affected", "version": "a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0", "versionType": "git" }, { "lessThan": "440311903231c6e6c9bcf8acb6a2885a422e00bc", "status": "affected", "version": "c719b393374d3763e64900ee19aaed767d5a08d6", "versionType": "git" }, { "lessThan": "fca048f222ce9dcbde5708ba2bf81d85a4a27952", "status": "affected", "version": "7f4da759092a1a6ce35fb085182d02de8cc4cc84", "versionType": "git" }, { "lessThan": "66029078fee00646e2e9dbb8f41ff7819f8e7569", "status": "affected", "version": "b579ea3516c371ecf59d073772bc45dfd28c8a0e", "versionType": "git" }, { "lessThan": "2a8b26a09c8e3ea03da1ef3cd0ef6b96e559fba6", "status": "affected", "version": "ab11dac93d2d568d151b1918d7b84c2d02bacbd5", "versionType": "git" }, { "lessThan": "02ac3a9ef3a18b58d8f3ea2b6e46de657bf6c4f9", "status": "affected", "version": "ab11dac93d2d568d151b1918d7b84c2d02bacbd5", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/parport/procfs.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.11" }, { "lessThan": "6.11", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.323", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.285", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.228", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.169", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.114", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.58", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nparport: Proper fix for array out-of-bounds access\n\nThe recent fix for array out-of-bounds accesses replaced sprintf()\ncalls blindly with snprintf(). However, since snprintf() returns the\nwould-be-printed size, not the actually output size, the length\ncalculation can still go over the given limit.\n\nUse scnprintf() instead of snprintf(), which returns the actually\noutput letters, for addressing the potential out-of-bounds access\nproperly." } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:32:30.211Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/8aadef73ba3b325704ed5cfc4696a25c350182cf" }, { "url": "https://git.kernel.org/stable/c/b0641e53e6cb937487b6cfb15772374f0ba149b3" }, { "url": "https://git.kernel.org/stable/c/1826b6d69bbb7f9ae8711827facbb2ad7f8d0aaa" }, { "url": "https://git.kernel.org/stable/c/440311903231c6e6c9bcf8acb6a2885a422e00bc" }, { "url": "https://git.kernel.org/stable/c/fca048f222ce9dcbde5708ba2bf81d85a4a27952" }, { "url": "https://git.kernel.org/stable/c/66029078fee00646e2e9dbb8f41ff7819f8e7569" }, { "url": "https://git.kernel.org/stable/c/2a8b26a09c8e3ea03da1ef3cd0ef6b96e559fba6" }, { "url": "https://git.kernel.org/stable/c/02ac3a9ef3a18b58d8f3ea2b6e46de657bf6c4f9" } ], "title": "parport: Proper fix for array out-of-bounds access", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50074", "datePublished": "2024-10-29T00:50:16.263Z", "dateReserved": "2024-10-21T19:36:19.940Z", "dateUpdated": "2024-12-19T09:32:30.211Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-50074\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-10-29T01:15:04.540\",\"lastModified\":\"2024-11-08T16:15:45.653\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nparport: Proper fix for array out-of-bounds access\\n\\nThe recent fix for array out-of-bounds accesses replaced sprintf()\\ncalls blindly with snprintf(). However, since snprintf() returns the\\nwould-be-printed size, not the actually output size, the length\\ncalculation can still go over the given limit.\\n\\nUse scnprintf() instead of snprintf(), which returns the actually\\noutput letters, for addressing the potential out-of-bounds access\\nproperly.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: parport: Soluci\u00f3n adecuada para el acceso fuera de los l\u00edmites a matrices La soluci\u00f3n reciente para los accesos fuera de los l\u00edmites a matrices reemplaz\u00f3 las llamadas sprintf() ciegamente con snprintf(). Sin embargo, dado que snprintf() devuelve el tama\u00f1o que se imprimir\u00e1, no el tama\u00f1o de salida real, el c\u00e1lculo de la longitud a\u00fan puede superar el l\u00edmite dado. Utilice scnprintf() en lugar de snprintf(), que devuelve las letras de salida reales, para abordar el posible acceso fuera de los l\u00edmites correctamente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10.224\",\"versionEndExcluding\":\"5.10.228\",\"matchCriteriaId\":\"F063567D-B906-4EFC-B8A1-807AF8A51B2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.169\",\"matchCriteriaId\":\"18BEDAD6-86F8-457C-952F-C35698B3D07F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.114\",\"matchCriteriaId\":\"10FD2B3E-C7D9-4A9C-BD64-41877EDF88EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.58\",\"matchCriteriaId\":\"6B9489BC-825E-4EEE-8D93-F93C801988C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.11.5\",\"matchCriteriaId\":\"6E62D61A-F704-44DB-A311-17B7534DA7BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/02ac3a9ef3a18b58d8f3ea2b6e46de657bf6c4f9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/1826b6d69bbb7f9ae8711827facbb2ad7f8d0aaa\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2a8b26a09c8e3ea03da1ef3cd0ef6b96e559fba6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/440311903231c6e6c9bcf8acb6a2885a422e00bc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/66029078fee00646e2e9dbb8f41ff7819f8e7569\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8aadef73ba3b325704ed5cfc4696a25c350182cf\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b0641e53e6cb937487b6cfb15772374f0ba149b3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fca048f222ce9dcbde5708ba2bf81d85a4a27952\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.