CVE-2024-43839

Source
https://cve.org/CVERecord?id=CVE-2024-43839
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-43839.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-43839
Published
2024-08-17T09:21:55.085Z
Modified
2026-03-11T07:45:46.000069Z
Summary
bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
Details

In the Linux kernel, the following vulnerability has been resolved:

bna: adjust 'name' buf size of bna_tcb and bna_ccb structures

To have enough space to write all possible sprintf() args. Currently 'name' size is 16, but the first '%s' specifier may already need at least 16 characters, since 'bnad->netdev->name' is used there.

For '%d' specifiers, assume that they require:
* 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8
* 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX is 16

And replace sprintf with snprintf.

Detected using the static analysis tool - Svace.
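
The sizing argument above, worked through in user-space C as an added example (not code from the kernel patch or from this record). The format string `QNAME_FMT` and the function names are hypothetical: the record only states that one '%s' (the interface name) and one '%d' are written into a 16-byte 'name' field.

```c
#include <stdio.h>
#include <string.h>

#define OLD_NAME_SIZE 16   /* 'name' size before the fix, per the advisory */
/* Assumed format: the advisory only says one '%s' and one '%d' are written. */
#define QNAME_FMT "%s Q %d"

/* Bytes needed, including the NUL, to hold the formatted queue name. */
size_t qname_needed(const char *ifname, int id)
{
    int n = snprintf(NULL, 0, QNAME_FMT, ifname, id);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded write: 0 if the name fit, 1 if it was truncated, -1 on error. */
int qname_format(char *dst, size_t dstsz, const char *ifname, int id)
{
    int n = snprintf(dst, dstsz, QNAME_FMT, ifname, id);
    if (n < 0)
        return -1;
    return (size_t)n >= dstsz ? 1 : 0;
}

/* Would this name have overrun the old 16-byte field under sprintf()? */
int old_buf_truncates(const char *ifname, int id)
{
    char name[OLD_NAME_SIZE];
    return qname_format(name, sizeof(name), ifname, id);
}

int main(void)
{
    /* Constructed inputs: a 15-character interface name (the longest that
     * fits a 16-byte name buffer) and a two-digit id. */
    const char *longest = "abcdefghijklmno";
    char name[OLD_NAME_SIZE];

    printf("needed=%zu old=%d\n", qname_needed(longest, 15), OLD_NAME_SIZE);
    if (qname_format(name, sizeof(name), longest, 15) == 1)
        printf("truncated to \"%s\"\n", name);
    printf("eth0/7 truncates: %d\n", old_buf_truncates("eth0", 7));
    return 0;
}
```

With the assumed format, the longest interface name alone fills the old field, so any literal text or digits after it would have been written past the end by sprintf(); snprintf() instead stops at the buffer size and reports the shortfall through its return value.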

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/43xxx/CVE-2024-43839.json",
    "cna_assigner": "Linux"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8b230ed8ec96c933047dd0625cf95f739e4939a6
Fixed
f121740f69eda4da2de9a20a6687a13593e72540
Fixed
c90b1cd7758fd4839909e838ae195d19f8065d76
Fixed
6ce46045f9b90d952602e2c0b8886cfadf860bf1
Fixed
6d20c4044ab4d0e6a99aa35853e66f0aed5589e3
Fixed
ab748dd10d8742561f2980fea08ffb4f0cacfdef
Fixed
b0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43
Fixed
e0f48f51d55fb187400e9787192eda09fa200ff5
Fixed
c9741a03dc8e491e57b95fba0058ab46b7e506da

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-43839.json"