CVE-2024-38579

Source
https://cve.org/CVERecord?id=CVE-2024-38579
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38579.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-38579
Published
2024-06-19T13:37:37.154Z
Modified
2026-03-13T07:56:55.247008Z
Summary
crypto: bcm - Fix pointer arithmetic
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: bcm - Fix pointer arithmetic

In spu2_dump_omd() value of ptr is increased by ciph_key_len instead of hash_iv_len which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key_len to hash_iv_len.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38579.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9d12ba86f818aa9cfe9f01b750336aa441f2ffa2
Fixed
c256b616067bfd6d274c679c06986b78d2402434
Fixed
e719c8991c161977a67197775067ab456b518c7b
Fixed
ebed0d666fa709bae9e8cafa8ec6e7ebd1d318c6
Fixed
c69a1e4b419c2c466dd8c5602bdebadc353973dd
Fixed
49833a8da6407e7e9b532cc4054fdbcaf78f5fdd
Fixed
d0f14ae223c2421b334c1f1a9e48f1e809aee3a0
Fixed
c0082ee420639a97e40cae66778b02b341b005e5
Fixed
3b7a40740f04e2f27114dfd6225c5e721dda9d57
Fixed
2b3460cbf454c6b03d7429e9ffc4fe09322eb1a9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38579.json"