CVE-2024-49995

Nov. 8, 2024, 4:15 p.m.

7.8
High

Description

In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun Smatch reports that copying media_name and if_name to name_parts may overwrite the destination. .../bearer.c:166 bearer_name_validate() error: strcpy() 'media_name' too large for 'name_parts->media_name' (32 vs 16) .../bearer.c:167 bearer_name_validate() error: strcpy() 'if_name' too large for 'name_parts->if_name' (1010102 vs 16) This does seem to be the case so guard against this possibility by using strscpy() and failing if truncation occurs. Introduced by commit b97bf3fd8f6a ("[TIPC] Initial merge") Compile tested only.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/12d26aa7fd3cbdbc5149b6e516563478d575026e
https://git.kernel.org/stable/c/2ed7f42dfd3edb387034128ca5b0f639836d4ddd
https://git.kernel.org/stable/c/54dae0e9063ed23c9acf8d5ab9b18d3426a8ac18
https://git.kernel.org/stable/c/6555a2a9212be6983d2319d65276484f7c5f431a
https://git.kernel.org/stable/c/80c0be7bcf940ce9308311575c3aff8983c9b97a
https://git.kernel.org/stable/c/8298b6e45fb4d8944f356b08e4ea3e54df5e0488
https://git.kernel.org/stable/c/a18c7b239d02aafb791ae2c45226f6bb40641792
https://git.kernel.org/stable/c/c79768ffba5b6e95569a463a69b3101c95694867
https://git.kernel.org/stable/c/e2b2558971e02ca33eb637a8350d68a48b3e8e46

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD-CWE-noinfo
2024-10-21
CVE-2024-49995

CVSS Score

7.8 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Oct. 21, 2024, 6:15 p.m.
Last Modified: Nov. 8, 2024, 4:15 p.m.

Status : Modified

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.