← Back

CVE-2024-42236

nvd nist
Published: Aug 7, 2024Modified: Nov 3, 2025

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Userspace provided string 's' could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form `if (str[0 - 1] == '\n') followed closely by an OOB write in the form `str[0 - 1] = '\0'`. There is already a validating check to catch strings that are too long. Let's supply an additional check for invalid strings that are too short.

Affected (7)

Products: Linux: Linux Kernel
Linux
1 product
Linux Kernel
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
Before 4.19.318
Linux Kernel
From 4.20 to 5.4.280
Linux Kernel
From 5.11 to 5.15.163
Linux Kernel
From 5.16 to 6.1.100
Linux Kernel
From 5.5 to 5.10.222
Linux Kernel
From 6.2 to 6.6.41
Linux Kernel
From 6.7 to 6.9.10

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (9)

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.