CVE-2024-38559

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-38559

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38559.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-38559

Downstream

BELL-CVE-2024-38559

DEBIAN-CVE-2024-38559

DLA-3840-1

DSA-5730-1

OESA-2024-1835

OESA-2024-1894

OESA-2024-1896

OESA-2024-1897

RHSA-2024:6567

RHSA-2024:6744

RHSA-2024:6745

RHSA-2024:7000

RHSA-2024:7001

RLSA-2024:7000

SUSE-SU-2024:2362-1

SUSE-SU-2024:2365-1

SUSE-SU-2024:2372-1

SUSE-SU-2024:2384-1

SUSE-SU-2024:2385-1

SUSE-SU-2024:2394-1

SUSE-SU-2024:2495-1

SUSE-SU-2024:2571-1

SUSE-SU-2024:2894-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2923-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2947-1

SUSE-SU-2024:2948-1

SUSE-SU-2025:1293-1

UBUNTU-CVE-2024-38559

USN-6949-1

USN-6949-2

USN-6951-1

USN-6951-2

USN-6951-3

USN-6951-4

USN-6952-1

USN-6952-2

USN-6953-1

USN-6955-1

USN-6979-1

USN-7007-1

USN-7007-2

USN-7007-3

USN-7009-1

USN-7009-2

USN-7019-1

Related

Published

2024-06-19T14:15:16Z

Modified

2025-08-09T20:01:27Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: qedf: Ensure the copied buf is NUL terminated

Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using kstrtouint. Fix this issue by using memdupusernul instead of memdup_user.

References

Affected packages