CVE-2024-38579

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-38579

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38579.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-38579

Downstream

BELL-CVE-2024-38579

DEBIAN-CVE-2024-38579

DLA-3840-1

DSA-5730-1

OESA-2024-1835

OESA-2024-1836

OESA-2024-1838

OESA-2024-1839

RHSA-2024:5928

RHSA-2024:7000

RLSA-2024:7000

SUSE-SU-2024:2360-1

SUSE-SU-2024:2372-1

SUSE-SU-2024:2381-1

SUSE-SU-2024:2394-1

SUSE-SU-2024:2561-1

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2973-1

UBUNTU-CVE-2024-38579

USN-6949-1

USN-6949-2

USN-6951-1

USN-6951-2

USN-6951-3

USN-6951-4

USN-6952-1

USN-6952-2

USN-6953-1

USN-6955-1

USN-6979-1

USN-7007-1

USN-7007-2

USN-7007-3

USN-7009-1

USN-7009-2

USN-7019-1

Related

Published

2024-06-19T14:15:17Z

Modified

2025-08-09T20:01:27Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: bcm - Fix pointer arithmetic

In spu2dumpomd() value of ptr is increased by ciphkeylen instead of hashivlen which could lead to going beyond the buffer boundaries. Fix this bug by changing ciphkeylen to hashivlen.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

References

Affected packages