In the Linux kernel, the following vulnerability has been resolved:
parport: Proper fix for array out-of-bounds access
The recent fix for array out-of-bounds accesses blindly replaced sprintf() calls with snprintf(). However, snprintf() returns the number of characters that would have been written had the buffer been large enough, not the number actually written, so a length calculated from its return value can still exceed the given limit.
Use scnprintf() instead of snprintf(). scnprintf() returns the number of characters actually written to the buffer, which properly addresses the potential out-of-bounds access.
[
{
"signature_type": "Line",
"target": {
"file": "drivers/parport/procfs.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8aadef73ba3b325704ed5cfc4696a25c350182cf",
"deprecated": false,
"id": "CVE-2024-50074-4c8c6efa",
"signature_version": "v1",
"digest": {
"line_hashes": [
"154552649295934734466493748348640793568",
"228288853666000214578969373182124228337",
"207174582992268667593761489971242106467",
"20639254659376673694930241719319139916",
"225324996740477637305284156858848251081",
"276079758031724700036418614347577740596",
"188647296736108675160188230461657366300",
"195610703345605019090290321611563819402",
"289581768838648841361804072675850024107",
"85432569789460287837863241606586336110",
"188021013727212042881149308560502214580",
"4644556171047179197279753178149491077",
"241769774033802136272297689623117647260",
"39723849621091296641547161436796327308",
"336984557236342596682035405645841254316",
"324999486769667419963491028419701509695",
"197567379086979876084234752439049828169",
"60669591761558415878255767153713615055",
"28558099577146768693619948054846757154",
"16250808598942775587408179927024095677",
"251006342539833785978694831230121313825",
"176032129050670597843630365921342427532",
"134890883639832619703473205369142556676",
"205104964007673400958902459070609568809",
"252341728763449818624177790929804839035",
"7510384289225193883495132323565491350",
"167897283921023801566351069509092811624",
"152459742311615754769464721731893129298",
"27023730765489381869587408075575933739",
"15642861058865626190039274894467045229",
"87038392368243578310064173052134677677",
"315436905326867735222805019273008489730",
"929185974124524584088648247489819616",
"145576031143187455441452082700999129171",
"322284059893169880777505832123610473075",
"120448050411363951768967865903746848870"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"target": {
"file": "drivers/parport/procfs.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@02ac3a9ef3a18b58d8f3ea2b6e46de657bf6c4f9",
"deprecated": false,
"id": "CVE-2024-50074-52c5e13f",
"signature_version": "v1",
"digest": {
"line_hashes": [
"154552649295934734466493748348640793568",
"228288853666000214578969373182124228337",
"207174582992268667593761489971242106467",
"20639254659376673694930241719319139916",
"225324996740477637305284156858848251081",
"276079758031724700036418614347577740596",
"188647296736108675160188230461657366300",
"195610703345605019090290321611563819402",
"289581768838648841361804072675850024107",
"85432569789460287837863241606586336110",
"188021013727212042881149308560502214580",
"4644556171047179197279753178149491077",
"241769774033802136272297689623117647260",
"39723849621091296641547161436796327308",
"336984557236342596682035405645841254316",
"324999486769667419963491028419701509695",
"197567379086979876084234752439049828169",
"60669591761558415878255767153713615055",
"28558099577146768693619948054846757154",
"16250808598942775587408179927024095677",
"251006342539833785978694831230121313825",
"176032129050670597843630365921342427532",
"134890883639832619703473205369142556676",
"205104964007673400958902459070609568809",
"252341728763449818624177790929804839035",
"7510384289225193883495132323565491350",
"167897283921023801566351069509092811624",
"152459742311615754769464721731893129298",
"27023730765489381869587408075575933739",
"15642861058865626190039274894467045229",
"87038392368243578310064173052134677677",
"315436905326867735222805019273008489730",
"929185974124524584088648247489819616",
"145576031143187455441452082700999129171",
"322284059893169880777505832123610473075",
"120448050411363951768967865903746848870"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"target": {
"file": "drivers/parport/procfs.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fca048f222ce9dcbde5708ba2bf81d85a4a27952",
"deprecated": false,
"id": "CVE-2024-50074-7de05988",
"signature_version": "v1",
"digest": {
"line_hashes": [
"154552649295934734466493748348640793568",
"228288853666000214578969373182124228337",
"207174582992268667593761489971242106467",
"20639254659376673694930241719319139916",
"225324996740477637305284156858848251081",
"276079758031724700036418614347577740596",
"188647296736108675160188230461657366300",
"195610703345605019090290321611563819402",
"289581768838648841361804072675850024107",
"85432569789460287837863241606586336110",
"188021013727212042881149308560502214580",
"4644556171047179197279753178149491077",
"241769774033802136272297689623117647260",
"39723849621091296641547161436796327308",
"336984557236342596682035405645841254316",
"324999486769667419963491028419701509695",
"197567379086979876084234752439049828169",
"60669591761558415878255767153713615055",
"28558099577146768693619948054846757154",
"16250808598942775587408179927024095677",
"251006342539833785978694831230121313825",
"176032129050670597843630365921342427532",
"134890883639832619703473205369142556676",
"205104964007673400958902459070609568809",
"252341728763449818624177790929804839035",
"7510384289225193883495132323565491350",
"167897283921023801566351069509092811624",
"152459742311615754769464721731893129298",
"27023730765489381869587408075575933739",
"15642861058865626190039274894467045229",
"87038392368243578310064173052134677677",
"315436905326867735222805019273008489730",
"929185974124524584088648247489819616",
"145576031143187455441452082700999129171",
"322284059893169880777505832123610473075",
"120448050411363951768967865903746848870"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"target": {
"file": "drivers/parport/procfs.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@440311903231c6e6c9bcf8acb6a2885a422e00bc",
"deprecated": false,
"id": "CVE-2024-50074-ab940bdf",
"signature_version": "v1",
"digest": {
"line_hashes": [
"154552649295934734466493748348640793568",
"228288853666000214578969373182124228337",
"207174582992268667593761489971242106467",
"20639254659376673694930241719319139916",
"225324996740477637305284156858848251081",
"276079758031724700036418614347577740596",
"188647296736108675160188230461657366300",
"195610703345605019090290321611563819402",
"289581768838648841361804072675850024107",
"85432569789460287837863241606586336110",
"188021013727212042881149308560502214580",
"4644556171047179197279753178149491077",
"241769774033802136272297689623117647260",
"39723849621091296641547161436796327308",
"336984557236342596682035405645841254316",
"324999486769667419963491028419701509695",
"197567379086979876084234752439049828169",
"60669591761558415878255767153713615055",
"28558099577146768693619948054846757154",
"16250808598942775587408179927024095677",
"251006342539833785978694831230121313825",
"176032129050670597843630365921342427532",
"134890883639832619703473205369142556676",
"205104964007673400958902459070609568809",
"252341728763449818624177790929804839035",
"7510384289225193883495132323565491350",
"167897283921023801566351069509092811624",
"152459742311615754769464721731893129298",
"27023730765489381869587408075575933739",
"15642861058865626190039274894467045229",
"87038392368243578310064173052134677677",
"315436905326867735222805019273008489730",
"929185974124524584088648247489819616",
"145576031143187455441452082700999129171",
"322284059893169880777505832123610473075",
"120448050411363951768967865903746848870"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"target": {
"file": "drivers/parport/procfs.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b0641e53e6cb937487b6cfb15772374f0ba149b3",
"deprecated": false,
"id": "CVE-2024-50074-bc45831a",
"signature_version": "v1",
"digest": {
"line_hashes": [
"154552649295934734466493748348640793568",
"228288853666000214578969373182124228337",
"207174582992268667593761489971242106467",
"20639254659376673694930241719319139916",
"225324996740477637305284156858848251081",
"276079758031724700036418614347577740596",
"188647296736108675160188230461657366300",
"195610703345605019090290321611563819402",
"289581768838648841361804072675850024107",
"85432569789460287837863241606586336110",
"188021013727212042881149308560502214580",
"4644556171047179197279753178149491077",
"241769774033802136272297689623117647260",
"39723849621091296641547161436796327308",
"336984557236342596682035405645841254316",
"324999486769667419963491028419701509695",
"197567379086979876084234752439049828169",
"60669591761558415878255767153713615055",
"28558099577146768693619948054846757154",
"16250808598942775587408179927024095677",
"251006342539833785978694831230121313825",
"176032129050670597843630365921342427532",
"134890883639832619703473205369142556676",
"205104964007673400958902459070609568809",
"252341728763449818624177790929804839035",
"7510384289225193883495132323565491350",
"167897283921023801566351069509092811624",
"152459742311615754769464721731893129298",
"27023730765489381869587408075575933739",
"15642861058865626190039274894467045229",
"87038392368243578310064173052134677677",
"315436905326867735222805019273008489730",
"929185974124524584088648247489819616",
"145576031143187455441452082700999129171",
"322284059893169880777505832123610473075",
"120448050411363951768967865903746848870"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"target": {
"file": "drivers/parport/procfs.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@66029078fee00646e2e9dbb8f41ff7819f8e7569",
"deprecated": false,
"id": "CVE-2024-50074-c1515a12",
"signature_version": "v1",
"digest": {
"line_hashes": [
"154552649295934734466493748348640793568",
"228288853666000214578969373182124228337",
"207174582992268667593761489971242106467",
"20639254659376673694930241719319139916",
"225324996740477637305284156858848251081",
"276079758031724700036418614347577740596",
"188647296736108675160188230461657366300",
"195610703345605019090290321611563819402",
"289581768838648841361804072675850024107",
"85432569789460287837863241606586336110",
"188021013727212042881149308560502214580",
"4644556171047179197279753178149491077",
"241769774033802136272297689623117647260",
"39723849621091296641547161436796327308",
"336984557236342596682035405645841254316",
"324999486769667419963491028419701509695",
"197567379086979876084234752439049828169",
"60669591761558415878255767153713615055",
"28558099577146768693619948054846757154",
"16250808598942775587408179927024095677",
"251006342539833785978694831230121313825",
"176032129050670597843630365921342427532",
"134890883639832619703473205369142556676",
"205104964007673400958902459070609568809",
"252341728763449818624177790929804839035",
"7510384289225193883495132323565491350",
"167897283921023801566351069509092811624",
"152459742311615754769464721731893129298",
"27023730765489381869587408075575933739",
"15642861058865626190039274894467045229",
"87038392368243578310064173052134677677",
"315436905326867735222805019273008489730",
"929185974124524584088648247489819616",
"145576031143187455441452082700999129171",
"322284059893169880777505832123610473075",
"120448050411363951768967865903746848870"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"target": {
"file": "drivers/parport/procfs.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2a8b26a09c8e3ea03da1ef3cd0ef6b96e559fba6",
"deprecated": false,
"id": "CVE-2024-50074-cde9816b",
"signature_version": "v1",
"digest": {
"line_hashes": [
"154552649295934734466493748348640793568",
"228288853666000214578969373182124228337",
"207174582992268667593761489971242106467",
"20639254659376673694930241719319139916",
"225324996740477637305284156858848251081",
"276079758031724700036418614347577740596",
"188647296736108675160188230461657366300",
"195610703345605019090290321611563819402",
"289581768838648841361804072675850024107",
"85432569789460287837863241606586336110",
"188021013727212042881149308560502214580",
"4644556171047179197279753178149491077",
"241769774033802136272297689623117647260",
"39723849621091296641547161436796327308",
"336984557236342596682035405645841254316",
"324999486769667419963491028419701509695",
"197567379086979876084234752439049828169",
"60669591761558415878255767153713615055",
"28558099577146768693619948054846757154",
"16250808598942775587408179927024095677",
"251006342539833785978694831230121313825",
"176032129050670597843630365921342427532",
"134890883639832619703473205369142556676",
"205104964007673400958902459070609568809",
"252341728763449818624177790929804839035",
"7510384289225193883495132323565491350",
"167897283921023801566351069509092811624",
"152459742311615754769464721731893129298",
"27023730765489381869587408075575933739",
"15642861058865626190039274894467045229",
"87038392368243578310064173052134677677",
"315436905326867735222805019273008489730",
"929185974124524584088648247489819616",
"145576031143187455441452082700999129171",
"322284059893169880777505832123610473075",
"120448050411363951768967865903746848870"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"target": {
"file": "drivers/parport/procfs.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1826b6d69bbb7f9ae8711827facbb2ad7f8d0aaa",
"deprecated": false,
"id": "CVE-2024-50074-d8745bb4",
"signature_version": "v1",
"digest": {
"line_hashes": [
"154552649295934734466493748348640793568",
"228288853666000214578969373182124228337",
"207174582992268667593761489971242106467",
"20639254659376673694930241719319139916",
"225324996740477637305284156858848251081",
"276079758031724700036418614347577740596",
"188647296736108675160188230461657366300",
"195610703345605019090290321611563819402",
"289581768838648841361804072675850024107",
"85432569789460287837863241606586336110",
"188021013727212042881149308560502214580",
"4644556171047179197279753178149491077",
"241769774033802136272297689623117647260",
"39723849621091296641547161436796327308",
"336984557236342596682035405645841254316",
"324999486769667419963491028419701509695",
"197567379086979876084234752439049828169",
"60669591761558415878255767153713615055",
"28558099577146768693619948054846757154",
"16250808598942775587408179927024095677",
"251006342539833785978694831230121313825",
"176032129050670597843630365921342427532",
"134890883639832619703473205369142556676",
"205104964007673400958902459070609568809",
"252341728763449818624177790929804839035",
"7510384289225193883495132323565491350",
"167897283921023801566351069509092811624",
"152459742311615754769464721731893129298",
"27023730765489381869587408075575933739",
"15642861058865626190039274894467045229",
"87038392368243578310064173052134677677",
"315436905326867735222805019273008489730",
"929185974124524584088648247489819616",
"145576031143187455441452082700999129171",
"322284059893169880777505832123610473075",
"120448050411363951768967865903746848870"
],
"threshold": 0.9
}
}
]