VDB

DEBIAN-CVE-2024-36934

DEBIAN-CVE-2024-36934 PUBLISHED CVSS 7.800000190734863 HIGH

In the Linux kernel, the following vulnerability has been resolved: bna: ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf. Fix this issue by using memdup_user_nul instead of memdup_user.

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Debian:11linux5.10.162-1, 5.10.70-1~bpo10+1, 5.10.92-1
Debian:13linux0, 0
Debian:12linux6.1.27-1, 6.1.37-1, 6.1.38-1
Debian:14linux0, 0

Timeline

  • May 30, 2024 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›