CVE-2024-38559
Published: Jun 19, 2024
Modified: May 12, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using kstrtouint. Fix this issue by using memdup_user_nul instead of memdup_user.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 61d8658b4a435eac729966cc94cdda077a8df5cd - < 1f84a2744ad813be23fc4be99fb74bfb24aadb95affected 61d8658b4a435eac729966cc94cdda077a8df5cd - < a75001678e1d38aa607d5b898ec7ff8ed0700d59affected 61d8658b4a435eac729966cc94cdda077a8df5cd - < 769b9fd2af02c069451fe9108dba73355d9a021caffected 61d8658b4a435eac729966cc94cdda077a8df5cd - < dccd97b39ab2f2b1b9a47a1394647a4d65815255affected 61d8658b4a435eac729966cc94cdda077a8df5cd - < d93318f19d1e1a6d5f04f5d965eaa9055bb7c613+4 more versions |
Linux | Linux | affected 4.11unaffected 0 - < 4.11unaffected 4.19.316 - <= 4.19.*unaffected 5.4.278 - <= 5.4.*unaffected 5.10.219 - <= 5.10.*+6 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now