CVE-2024-38559 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using kstrtouint. Fix this issue by using memdup_user_nul instead of memdup_user.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux Rhel Eus

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:7001	2024-09-24T00:00:00Z
kernel-0:4.18.0-553.22.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:7000	2024-09-24T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-427.35.1.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:6567	2024-09-11T00:00:00Z
kernel-0:5.14.0-427.35.1.el9_4	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:6567	2024-09-11T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
kernel-0:5.14.0-284.84.1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:6744	2024-09-18T00:00:00Z
kernel-rt-0:5.14.0-284.84.1.rt14.369.el9_2	cpe:/a:redhat:rhel_eus:9.2::nfv	RHSA-2024:6745	2024-09-18T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/177f43c6892e6055de6541fe9391a8a3d1f95fc9
https://git.kernel.org/stable/c/1f84a2744ad813be23fc4be99fb74bfb24aadb95
https://git.kernel.org/stable/c/4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8
https://git.kernel.org/stable/c/563e609275927c0b75fbfd0d90441543aa7b5e0d
https://git.kernel.org/stable/c/769b9fd2af02c069451fe9108dba73355d9a021c
https://git.kernel.org/stable/c/a75001678e1d38aa607d5b898ec7ff8ed0700d59
https://git.kernel.org/stable/c/d0184a375ee797eb657d74861ba0935b6e405c62
https://git.kernel.org/stable/c/d93318f19d1e1a6d5f04f5d965eaa9055bb7c613
https://git.kernel.org/stable/c/dccd97b39ab2f2b1b9a47a1394647a4d65815255
https://lore.kernel.org/linux-cve-announce/2024061953-CVE-2024-38559-3e03@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-38559
https://www.cve.org/CVERecord?id=CVE-2024-38559

History

Tue, 01 Apr 2025 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel

Fri, 01 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476

Tue, 24 Sep 2024 11:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:8

Tue, 24 Sep 2024 06:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8::nfv

Wed, 18 Sep 2024 06:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.2::nfv
Vendors & Products		Redhat rhel Eus

Wed, 11 Sep 2024 10:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-06-19T13:35:28.888Z

Updated: 2024-12-19T09:04:32.412Z

Reserved: 2024-06-18T19:36:34.922Z

Link: CVE-2024-38559

Vulnrichment

Updated: 2024-08-02T04:12:25.738Z

NVD

Status : Analyzed

Published: 2024-06-19T14:15:16.077

Modified: 2025-04-01T18:22:56.827

Link: CVE-2024-38559

Redhat

Severity : Low

Publid Date: 2024-06-19T00:00:00Z

Links: CVE-2024-38559 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-38559", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-18T19:36:34.922Z", "datePublished": "2024-06-19T13:35:28.888Z", "dateUpdated": "2024-12-19T09:04:32.412Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:04:32.412Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Ensure the copied buf is NUL terminated\n\nCurrently, we allocate a count-sized kernel buffer and copy count from\nuserspace to that buffer. Later, we use kstrtouint on this buffer but we\ndon't ensure that the string is terminated inside the buffer, this can\nlead to OOB read when using kstrtouint. Fix this issue by using\nmemdup_user_nul instead of memdup_user."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/qedf/qedf_debugfs.c"], "versions": [{"version": "61d8658b4a435eac729966cc94cdda077a8df5cd", "lessThan": "1f84a2744ad813be23fc4be99fb74bfb24aadb95", "status": "affected", "versionType": "git"}, {"version": "61d8658b4a435eac729966cc94cdda077a8df5cd", "lessThan": "a75001678e1d38aa607d5b898ec7ff8ed0700d59", "status": "affected", "versionType": "git"}, {"version": "61d8658b4a435eac729966cc94cdda077a8df5cd", "lessThan": "769b9fd2af02c069451fe9108dba73355d9a021c", "status": "affected", "versionType": "git"}, {"version": "61d8658b4a435eac729966cc94cdda077a8df5cd", "lessThan": "dccd97b39ab2f2b1b9a47a1394647a4d65815255", "status": "affected", "versionType": "git"}, {"version": "61d8658b4a435eac729966cc94cdda077a8df5cd", "lessThan": "d93318f19d1e1a6d5f04f5d965eaa9055bb7c613", "status": "affected", "versionType": "git"}, {"version": "61d8658b4a435eac729966cc94cdda077a8df5cd", "lessThan": "563e609275927c0b75fbfd0d90441543aa7b5e0d", "status": "affected", "versionType": "git"}, {"version": "61d8658b4a435eac729966cc94cdda077a8df5cd", "lessThan": "4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8", "status": "affected", "versionType": "git"}, {"version": "61d8658b4a435eac729966cc94cdda077a8df5cd", "lessThan": "177f43c6892e6055de6541fe9391a8a3d1f95fc9", "status": "affected", "versionType": "git"}, {"version": "61d8658b4a435eac729966cc94cdda077a8df5cd", "lessThan": "d0184a375ee797eb657d74861ba0935b6e405c62", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/qedf/qedf_debugfs.c"], "versions": [{"version": "4.11", "status": "affected"}, {"version": "0", "lessThan": "4.11", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.316", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.278", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.219", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.161", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.93", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.33", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.12", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.3", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/1f84a2744ad813be23fc4be99fb74bfb24aadb95"}, {"url": "https://git.kernel.org/stable/c/a75001678e1d38aa607d5b898ec7ff8ed0700d59"}, {"url": "https://git.kernel.org/stable/c/769b9fd2af02c069451fe9108dba73355d9a021c"}, {"url": "https://git.kernel.org/stable/c/dccd97b39ab2f2b1b9a47a1394647a4d65815255"}, {"url": "https://git.kernel.org/stable/c/d93318f19d1e1a6d5f04f5d965eaa9055bb7c613"}, {"url": "https://git.kernel.org/stable/c/563e609275927c0b75fbfd0d90441543aa7b5e0d"}, {"url": "https://git.kernel.org/stable/c/4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8"}, {"url": "https://git.kernel.org/stable/c/177f43c6892e6055de6541fe9391a8a3d1f95fc9"}, {"url": "https://git.kernel.org/stable/c/d0184a375ee797eb657d74861ba0935b6e405c62"}], "title": "scsi: qedf: Ensure the copied buf is NUL terminated", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "CWE-476 NULL Pointer Dereference"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-24T15:39:36.404554Z", "id": "CVE-2024-38559", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-01T14:24:43.560Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:25.738Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/1f84a2744ad813be23fc4be99fb74bfb24aadb95", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a75001678e1d38aa607d5b898ec7ff8ed0700d59", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/769b9fd2af02c069451fe9108dba73355d9a021c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dccd97b39ab2f2b1b9a47a1394647a4d65815255", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d93318f19d1e1a6d5f04f5d965eaa9055bb7c613", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/563e609275927c0b75fbfd0d90441543aa7b5e0d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/177f43c6892e6055de6541fe9391a8a3d1f95fc9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d0184a375ee797eb657d74861ba0935b6e405c62", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/1f84a2744ad813be23fc4be99fb74bfb24aadb95", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a75001678e1d38aa607d5b898ec7ff8ed0700d59", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/769b9fd2af02c069451fe9108dba73355d9a021c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dccd97b39ab2f2b1b9a47a1394647a4d65815255", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d93318f19d1e1a6d5f04f5d965eaa9055bb7c613", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/563e609275927c0b75fbfd0d90441543aa7b5e0d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/177f43c6892e6055de6541fe9391a8a3d1f95fc9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d0184a375ee797eb657d74861ba0935b6e405c62", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:25.738Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-38559", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-24T15:39:36.404554Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-24T15:41:23.193Z"}}], "cna": {"title": "scsi: qedf: Ensure the copied buf is NUL terminated", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "61d8658b4a435eac729966cc94cdda077a8df5cd", "lessThan": "1f84a2744ad813be23fc4be99fb74bfb24aadb95", "versionType": "git"}, {"status": "affected", "version": "61d8658b4a435eac729966cc94cdda077a8df5cd", "lessThan": "a75001678e1d38aa607d5b898ec7ff8ed0700d59", "versionType": "git"}, {"status": "affected", "version": "61d8658b4a435eac729966cc94cdda077a8df5cd", "lessThan": "769b9fd2af02c069451fe9108dba73355d9a021c", "versionType": "git"}, {"status": "affected", "version": "61d8658b4a435eac729966cc94cdda077a8df5cd", "lessThan": "dccd97b39ab2f2b1b9a47a1394647a4d65815255", "versionType": "git"}, {"status": "affected", "version": "61d8658b4a435eac729966cc94cdda077a8df5cd", "lessThan": "d93318f19d1e1a6d5f04f5d965eaa9055bb7c613", "versionType": "git"}, {"status": "affected", "version": "61d8658b4a435eac729966cc94cdda077a8df5cd", "lessThan": "563e609275927c0b75fbfd0d90441543aa7b5e0d", "versionType": "git"}, {"status": "affected", "version": "61d8658b4a435eac729966cc94cdda077a8df5cd", "lessThan": "4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8", "versionType": "git"}, {"status": "affected", "version": "61d8658b4a435eac729966cc94cdda077a8df5cd", "lessThan": "177f43c6892e6055de6541fe9391a8a3d1f95fc9", "versionType": "git"}, {"status": "affected", "version": "61d8658b4a435eac729966cc94cdda077a8df5cd", "lessThan": "d0184a375ee797eb657d74861ba0935b6e405c62", "versionType": "git"}], "programFiles": ["drivers/scsi/qedf/qedf_debugfs.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.11"}, {"status": "unaffected", "version": "0", "lessThan": "4.11", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.316", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.278", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.219", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.161", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.93", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.33", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.12", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9.3", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/scsi/qedf/qedf_debugfs.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/1f84a2744ad813be23fc4be99fb74bfb24aadb95"}, {"url": "https://git.kernel.org/stable/c/a75001678e1d38aa607d5b898ec7ff8ed0700d59"}, {"url": "https://git.kernel.org/stable/c/769b9fd2af02c069451fe9108dba73355d9a021c"}, {"url": "https://git.kernel.org/stable/c/dccd97b39ab2f2b1b9a47a1394647a4d65815255"}, {"url": "https://git.kernel.org/stable/c/d93318f19d1e1a6d5f04f5d965eaa9055bb7c613"}, {"url": "https://git.kernel.org/stable/c/563e609275927c0b75fbfd0d90441543aa7b5e0d"}, {"url": "https://git.kernel.org/stable/c/4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8"}, {"url": "https://git.kernel.org/stable/c/177f43c6892e6055de6541fe9391a8a3d1f95fc9"}, {"url": "https://git.kernel.org/stable/c/d0184a375ee797eb657d74861ba0935b6e405c62"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Ensure the copied buf is NUL terminated\n\nCurrently, we allocate a count-sized kernel buffer and copy count from\nuserspace to that buffer. Later, we use kstrtouint on this buffer but we\ndon't ensure that the string is terminated inside the buffer, this can\nlead to OOB read when using kstrtouint. Fix this issue by using\nmemdup_user_nul instead of memdup_user."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:04:32.412Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38559", "state": "PUBLISHED", "dateUpdated": "2024-12-19T09:04:32.412Z", "dateReserved": "2024-06-18T19:36:34.922Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-19T13:35:28.888Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7F75FBC-EB5C-493B-BE48-C659636156EA", "versionEndExcluding": "4.19.316", "versionStartIncluding": "4.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FDBF235-DA18-49A1-8690-6C7272FD0701", "versionEndExcluding": "5.4.278", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9063AF3-D593-43B7-810D-58B87F82F9F9", "versionEndExcluding": "5.10.219", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "31130639-53FE-4726-8986-434EE2528CB2", "versionEndExcluding": "5.15.161", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEFB78EE-F990-4197-BF1C-156760A55667", "versionEndExcluding": "6.1.93", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E", "versionEndExcluding": "6.6.33", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "80550309-67AB-4FD1-AC07-3DED5C4F01B2", "versionEndExcluding": "6.8.12", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E07124C1-19E8-4D21-828D-9932A01D3011", "versionEndExcluding": "6.9.3", "versionStartIncluding": "6.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Ensure the copied buf is NUL terminated\n\nCurrently, we allocate a count-sized kernel buffer and copy count from\nuserspace to that buffer. Later, we use kstrtouint on this buffer but we\ndon't ensure that the string is terminated inside the buffer, this can\nlead to OOB read when using kstrtouint. Fix this issue by using\nmemdup_user_nul instead of memdup_user."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: scsi: qedf: aseg\u00farese de que el buf copiado tenga terminaci\u00f3n NUL. Actualmente, asignamos un b\u00fafer del kernel del tama\u00f1o de un conteo y copiamos el conteo desde el espacio de usuario a ese b\u00fafer. M\u00e1s adelante, usamos kstrtouint en este b\u00fafer pero no nos aseguramos de que la cadena termine dentro del b\u00fafer, esto puede provocar una lectura OOB cuando usamos kstrtouint. Solucione este problema utilizando memdup_user_nul en lugar de memdup_user."}], "id": "CVE-2024-38559", "lastModified": "2025-04-01T18:22:56.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-19T14:15:16.077", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/177f43c6892e6055de6541fe9391a8a3d1f95fc9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1f84a2744ad813be23fc4be99fb74bfb24aadb95"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/563e609275927c0b75fbfd0d90441543aa7b5e0d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/769b9fd2af02c069451fe9108dba73355d9a021c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a75001678e1d38aa607d5b898ec7ff8ed0700d59"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d0184a375ee797eb657d74861ba0935b6e405c62"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d93318f19d1e1a6d5f04f5d965eaa9055bb7c613"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dccd97b39ab2f2b1b9a47a1394647a4d65815255"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/177f43c6892e6055de6541fe9391a8a3d1f95fc9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1f84a2744ad813be23fc4be99fb74bfb24aadb95"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/563e609275927c0b75fbfd0d90441543aa7b5e0d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/769b9fd2af02c069451fe9108dba73355d9a021c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a75001678e1d38aa607d5b898ec7ff8ed0700d59"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d0184a375ee797eb657d74861ba0935b6e405c62"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d93318f19d1e1a6d5f04f5d965eaa9055bb7c613"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dccd97b39ab2f2b1b9a47a1394647a4d65815255"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7001", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:6567", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.35.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:6567", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.35.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:6744", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.84.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6745", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.84.1.rt14.369.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-09-18T00:00:00Z"}], "bugzilla": {"description": "kernel: scsi: qedf: Ensure the copied buf is NUL terminated", "id": "2293440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293440"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-125", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nscsi: qedf: Ensure the copied buf is NUL terminated\nCurrently, we allocate a count-sized kernel buffer and copy count from\nuserspace to that buffer. Later, we use kstrtouint on this buffer but we\ndon't ensure that the string is terminated inside the buffer, this can\nlead to OOB read when using kstrtouint. Fix this issue by using\nmemdup_user_nul instead of memdup_user."], "name": "CVE-2024-38559", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-38559\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-38559\nhttps://lore.kernel.org/linux-cve-announce/2024061953-CVE-2024-38559-3e03@gregkh/T"], "threat_severity": "Low"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object