CVE-2024-36957
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-36957
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36957.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-36957
- Downstream
- Related
- Published
- 2024-05-30T15:35:50.445Z
- Modified
- 2025-11-28T02:35:41.619852Z
- Summary
- octeontx2-af: avoid off-by-one read from userspace
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-af: avoid off-by-one read from userspace
We try to access count + 1 byte from userspace with memdupuser(buffer, count + 1). However, the userspace only provides buffer of count bytes and only these count bytes are verified to be okay to access. To ensure the copied buffer is NUL terminated, we use memdupuser_nul instead.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36957.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0a0285cee11c7dcc2657bcd456e469958a5009e7
- https://git.kernel.org/stable/c/8f11fe3ea3fc261640cfc8a5addd838000407c67
- https://git.kernel.org/stable/c/bcdac70adceb44373da204c3c297f2a98e13216e
- https://git.kernel.org/stable/c/ec697fbd38cbe2eef0948b58673b146caa95402f
- https://git.kernel.org/stable/c/f299ee709fb45036454ca11e90cb2810fe771878
- https://git.kernel.org/stable/c/fc3e0076c1f82fe981d321e3a7bad4cbee542c19
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36957.json
- https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-36957
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceddae49384d0d7695540e2d75168f323cef1384810Fixedbcdac70adceb44373da204c3c297f2a98e13216e
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3a2eb515d1367c0f667b76089a6e727279c688b8Fixedec697fbd38cbe2eef0948b58673b146caa95402fFixed8f11fe3ea3fc261640cfc8a5addd838000407c67Fixed0a0285cee11c7dcc2657bcd456e469958a5009e7Fixedfc3e0076c1f82fe981d321e3a7bad4cbee542c19Fixedf299ee709fb45036454ca11e90cb2810fe771878
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedc9a2ed3fdd037314a71e6a6ba5d99a3605f6f9c7
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.217
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.159
- Type
- ECOSYSTEM
- Events
-
Introduced5.12.0Fixed6.1.91
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.6.31
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.8.10