CVE-2024-36957

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-36957

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36957.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-36957

Downstream

BELL-CVE-2024-36957

DEBIAN-CVE-2024-36957

DLA-3843-1

DSA-5703-1

OESA-2024-1706

OESA-2024-1707

RHSA-2024:4106

RHSA-2024:4108

RHSA-2024:4583

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2973-1

SUSE-SU-2024:3983-1

SUSE-SU-2024:3985-1

SUSE-SU-2024:4364-1

UBUNTU-CVE-2024-36957

USN-6949-1

USN-6949-2

USN-6950-1

USN-6950-2

USN-6950-3

USN-6950-4

USN-6952-1

USN-6952-2

USN-6955-1

USN-6956-1

USN-6957-1

USN-7019-1

Related

Published

2024-05-30T16:15:18Z

Modified

2025-08-09T20:01:26Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

octeontx2-af: avoid off-by-one read from userspace

We try to access count + 1 byte from userspace with memdupuser(buffer, count + 1). However, the userspace only provides buffer of count bytes and only these count bytes are verified to be okay to access. To ensure the copied buffer is NUL terminated, we use memdupuser_nul instead.

References

Affected packages