VDB
DEBIAN-CVE-2024-36934
DEBIAN-CVE-2024-36934
PUBLISHED
CVSS 7.800000190734863 HIGH
In the Linux kernel, the following vulnerability has been resolved: bna: ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf. Fix this issue by using memdup_user_nul instead of memdup_user.
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | linux | 5.10.162-1, 5.10.70-1~bpo10+1, 5.10.92-1 |
| Debian:13 | linux | 0, 0 |
| Debian:12 | linux | 6.1.27-1, 6.1.37-1, 6.1.38-1 |
| Debian:14 | linux | 0, 0 |
Timeline
- May 30, 2024 CVE Published
- Apr 28, 2026 CVE Updated