In the Linux kernel, the following vulnerability has been resolved:
crypto: virtio/akcipher - Fix stack overflow on memcpy
sizeof(struct virtio_crypto_akcipher_session_para) is less than
sizeof(struct virtio_crypto_op_ctrl_req::u), copying more bytes from
stack variable leads stack overflow. Clang reports this issue by
commands:
make -j CC=clang-14 mrproper >/dev/null 2>&1
make -j O=/tmp/crypto-build CC=clang-14 allmodconfig >/dev/null 2>&1
make -j O=/tmp/crypto-build W=1 CC=clang-14 drivers/crypto/virtio/
virtio_crypto_akcipher_algs.o
Metrics
Affected Vendors & Products
References
History
Thu, 12 Sep 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 11 Sep 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-04-03T17:00:38.148Z
Updated: 2024-09-11T17:33:15.875Z
Reserved: 2024-02-19T14:20:24.169Z
Link: CVE-2024-26753
Vulnrichment
Updated: 2024-08-02T00:14:13.229Z
NVD
Status : Awaiting Analysis
Published: 2024-04-03T17:15:51.990
Modified: 2024-06-25T22:15:21.980
Link: CVE-2024-26753
Redhat