CVE-2024-53681

Published: Jan 15, 2025Modified: Jun 17, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: nvmet: Don't overflow subsysnqn nvmet_root_discovery_nqn_store treats the subsysnqn string like a fixed size buffer, even though it is dynamically allocated to the size of the string. Create a new string with kstrndup instead of using the old buffer.

Affected (12)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.9.1 to 6.12.9
Linux Linux Kernel	Version 6.13 rc1
Linux Linux Kernel	Version 6.13 rc2
Linux Linux Kernel	Version 6.13 rc3
Linux Linux Kernel	Version 6.13 rc4
Linux Linux Kernel	Version 6.13 rc5
Linux Linux Kernel	Version 6.9
Linux Linux Kernel	Version 6.9 rc3
Linux Linux Kernel	Version 6.9 rc4
Linux Linux Kernel	Version 6.9 rc5
Linux Linux Kernel	Version 6.9 rc6
Linux Linux Kernel	Version 6.9 rc7

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://git.kernel.org/stable/c/4db3d750ac7e894278ef1cb1c53cc7d883060496

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/86645d8d062af3fdcbdaa0a289b95de55bca827d

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.