VDB
DEBIAN-CVE-2024-38560
DEBIAN-CVE-2024-38560
PUBLISHED
CVSS 7.099999904632568 HIGH
In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf. Fix this issue by using memdup_user_nul instead of memdup_user.
Risk Scores
CVSS 3.1
7.099999904632568
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | linux | 0, 0 |
| Debian:11 | linux | 5.10.140-1, 5.10.92-1~bpo10+1, 5.10.92-2 |
| Debian:12 | linux | 0, 6.1.37-1, 6.1.38-1 |
| Debian:13 | linux | 0, 0 |
Timeline
- Jun 19, 2024 CVE Published
- Apr 28, 2026 CVE Updated