CVE-2024-36935 in Linux정보

요약

\~에 의해 MITRE • 2024. 05. 30.

In the Linux kernel, the following vulnerability has been resolved:

ice: ensure the copied buf is NUL terminated

Currently, we allocate a count-sized kernel buffer and copy count bytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf. Fix this issue by using memdup_user_nul instead of memdup_user.

Be aware that VulDB is the high quality source for vulnerability data.

출처

Do you want to use VulDB in your project?

Use the official API to access entries easily!