CVE-2024-43839
- Source
- https://cve.org/CVERecord?id=CVE-2024-43839
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-43839.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-43839
- Downstream
- Related
- Published
- 2024-08-17T09:21:55.085Z
- Modified
- 2026-05-07T04:18:01.791245Z
- Summary
- bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bna: adjust 'name' buf size of bnatcb and bnaccb structures
To have enough space to write all possible sprintf() args. Currently 'name' size is 16, but the first '%s' specifier may already need at least 16 characters, since 'bnad->netdev->name' is used there.
For '%d' specifiers, assume that they require: * 1 char for 'txid + txinfo->tcb[i]->id' sum, BNADMAXTXQPERTX is 8 * 2 chars for 'rxid + rxinfo->rxctrl[i].ccb->id', BNADMAXRXPPER_RX is 16
And replace sprintf with snprintf.
Detected using the static analysis tool - Svace.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/43xxx/CVE-2024-43839.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/6ce46045f9b90d952602e2c0b8886cfadf860bf1
- https://git.kernel.org/stable/c/6d20c4044ab4d0e6a99aa35853e66f0aed5589e3
- https://git.kernel.org/stable/c/ab748dd10d8742561f2980fea08ffb4f0cacfdef
- https://git.kernel.org/stable/c/b0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43
- https://git.kernel.org/stable/c/c90b1cd7758fd4839909e838ae195d19f8065d76
- https://git.kernel.org/stable/c/c9741a03dc8e491e57b95fba0058ab46b7e506da
- https://git.kernel.org/stable/c/e0f48f51d55fb187400e9787192eda09fa200ff5
- https://git.kernel.org/stable/c/f121740f69eda4da2de9a20a6687a13593e72540
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/43xxx/CVE-2024-43839.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-43839
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8b230ed8ec96c933047dd0625cf95f739e4939a6Fixedf121740f69eda4da2de9a20a6687a13593e72540Fixedc90b1cd7758fd4839909e838ae195d19f8065d76Fixed6ce46045f9b90d952602e2c0b8886cfadf860bf1Fixed6d20c4044ab4d0e6a99aa35853e66f0aed5589e3Fixedab748dd10d8742561f2980fea08ffb4f0cacfdefFixedb0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43Fixede0f48f51d55fb187400e9787192eda09fa200ff5Fixedc9741a03dc8e491e57b95fba0058ab46b7e506da
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced2.6.37Fixed4.19.320
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.282
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.224
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.165
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.103
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.44
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.10.3