CVE-2024-36935

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-36935
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36935.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-36935
Published
2024-05-30T15:29:24Z
Modified
2025-10-17T06:31:52.451697Z
Summary
ice: ensure the copied buf is NUL terminated
Details

In the Linux kernel, the following vulnerability has been resolved:

ice: ensure the copied buf is NUL terminated

Currently, we allocate a count-sized kernel buffer and copy count bytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf. Fix this issue by using memdup_user_nul instead of memdup_user.

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
96a9a9341cdaea0c3bce4c134e04a2a42ae899ac
Fixed
5ff4de981983ed84f29b5d92b6550ec054e12a92
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
96a9a9341cdaea0c3bce4c134e04a2a42ae899ac
Fixed
666854ea9cad844f75a068f32812a2d78004914a

Affected versions

v6.*

v6.7
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.8.10