Products
Linux Kernel
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Tags
CVE-2024-38560 details
Published : June 19, 2024, 2:15 p.m.
Last Modified : June 19, 2024, 2:15 p.m.
Description
In the Linux kernel, the following vulnerability has been resolved:

scsi: bfa: Ensure the copied buf is NUL terminated

Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf.

Fix this issue by using memdup_user_nul instead of memdup_user.
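The difference between the two copy patterns, as an added userspace sketch (not the bfa driver's code and not the kernel patch). The helper names, the `%x:%x` format, the 8-byte slot and the '7' filler bytes are all constructed for illustration; the filler models whatever memory follows an nbytes-sized allocation.

```c
#include <stdio.h>
#include <string.h>

#define SLOT 8  /* constructed: stands in for the allocation plus what follows it */

/* Parse "addr:len" the way a write handler might (the format is an assumption). */
static unsigned parse_len(const char *buf)
{
    unsigned addr = 0, len = 0;

    return sscanf(buf, "%x:%x", &addr, &len) == 2 ? len : 0;
}

/* Model of the memdup_user pattern: exactly n bytes copied, no terminator.
 * Bytes n..SLOT-2 keep stale '7' filler, modelling adjacent memory; the final
 * NUL only keeps this demo inside one object. */
unsigned len_without_nul(const char *user, size_t n)
{
    char slot[SLOT];

    if (n >= SLOT)
        return 0;
    memset(slot, '7', SLOT - 1);
    slot[SLOT - 1] = '\0';
    memcpy(slot, user, n);
    return parse_len(slot);      /* sscanf runs on into the stale bytes */
}

/* Model of the memdup_user_nul pattern: n bytes copied, then buf[n] = NUL. */
unsigned len_with_nul(const char *user, size_t n)
{
    char slot[SLOT];

    if (n >= SLOT)
        return 0;
    memset(slot, '7', SLOT - 1);
    slot[SLOT - 1] = '\0';
    memcpy(slot, user, n);
    slot[n] = '\0';              /* the one extra byte the fix adds */
    return parse_len(slot);
}

int main(void)
{
    const char payload[5] = { '1', '0', ':', '2', '0' };  /* write() data, no NUL */

    printf("without NUL: len=0x%x\n", len_without_nul(payload, sizeof(payload)));
    printf("with NUL:    len=0x%x\n", len_with_nul(payload, sizeof(payload)));
    return 0;
}
```

In the kernel the bytes after the allocation are not a fixed filler, so the unterminated parse consumes whatever memory happens to follow the buffer.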
This website uses the NVD API, but is not approved or certified by it.