CVE-2024-27401
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-27401
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27401.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-27401
- Downstream
- Related
- Published
- 2024-05-13T10:29:53.862Z
- Modified
- 2025-11-28T02:35:38.959299Z
- Summary
- firewire: nosy: ensure user_length is taken into account when fetching packet contents
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
firewire: nosy: ensure user_length is taken into account when fetching packet contents
Ensure that packetbufferget respects the userlength provided. If the length of the head packet exceeds the userlength, packetbufferget will now return 0 to signify to the user that no data were read and a larger buffer size is required. Helps prevent user space overflows.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27401.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1fe60ee709436550f8cfbab01295936b868d5baa
- https://git.kernel.org/stable/c/38762a0763c10c24a4915feee722d7aa6e73eb98
- https://git.kernel.org/stable/c/4ee0941da10e8fdcdb34756b877efd3282594c1f
- https://git.kernel.org/stable/c/539d51ac48bcfcfa1b3d4a85f8df92fa22c1d41c
- https://git.kernel.org/stable/c/67f34f093c0f7bf33f5b4ae64d3d695a3b978285
- https://git.kernel.org/stable/c/79f988d3ffc1aa778fc5181bdfab312e57956c6b
- https://git.kernel.org/stable/c/7b8c7bd2296e95b38a6ff346242356a2e7190239
- https://git.kernel.org/stable/c/cca330c59c54207567a648357835f59df9a286bb
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27401.json
- https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/
- https://nvd.nist.gov/vuln/detail/CVE-2024-27401
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1da177e4c3f41524e886b7f1b8a0c1fc7321cac2Fixed67f34f093c0f7bf33f5b4ae64d3d695a3b978285Fixed7b8c7bd2296e95b38a6ff346242356a2e7190239Fixedcca330c59c54207567a648357835f59df9a286bbFixed79f988d3ffc1aa778fc5181bdfab312e57956c6bFixed4ee0941da10e8fdcdb34756b877efd3282594c1fFixed1fe60ee709436550f8cfbab01295936b868d5baaFixed539d51ac48bcfcfa1b3d4a85f8df92fa22c1d41cFixed38762a0763c10c24a4915feee722d7aa6e73eb98
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.19.314
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.276
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.217
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.159
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.91
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.31
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.8.10