CVE-2024-42301

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-42301
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42301.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-42301
Downstream
Related
Published
2024-08-17T09:15:10Z
Modified
2025-08-09T20:01:26Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

dev/parport: fix the array out-of-bounds risk

Fixed array out-of-bounds issues caused by sprintf by replacing it with snprintf for safer data copying, ensuring the destination buffer is not overflowed.

Below is the stack trace I encountered during the actual issue:

[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: dohardwarebaseaddr+0xcc/0xd0 [parport] [ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm: QThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2 [ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp [ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun PGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024 [ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace: [ 66.575469s] [pid:5118,cpu4,QThread,9] dumpbacktrace+0x0/0x1c0 [ 66.575469s] [pid:5118,cpu4,QThread,0] showstack+0x14/0x20 [ 66.575469s] [pid:5118,cpu4,QThread,1] dumpstack+0xd4/0x10c [ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc [ 66.575500s] [pid:5118,cpu4,QThread,3] _stackchkfail+0x2c/0x38 [ 66.575500s] [pid:5118,cpu4,QThread,4] dohardwarebaseaddr+0xcc/0xd0 [parport]

References

Affected packages