{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-43839", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-17T09:11:59.274Z", "datePublished": "2024-08-17T09:21:55.085Z", "dateUpdated": "2024-11-05T09:40:51.563Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:40:51.563Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: adjust 'name' buf size of bna_tcb and bna_ccb structures\n\nTo have enough space to write all possible sprintf() args. Currently\n'name' size is 16, but the first '%s' specifier may already need at\nleast 16 characters, since 'bnad->netdev->name' is used there.\n\nFor '%d' specifiers, assume that they require:\n * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8\n * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX\n is 16\n\nAnd replace sprintf with snprintf.\n\nDetected using the static analysis tool - Svace."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/brocade/bna/bna_types.h", "drivers/net/ethernet/brocade/bna/bnad.c"], "versions": [{"version": "8b230ed8ec96", "lessThan": "f121740f69ed", "status": "affected", "versionType": "git"}, {"version": "8b230ed8ec96", "lessThan": "c90b1cd7758f", "status": "affected", "versionType": "git"}, {"version": "8b230ed8ec96", "lessThan": "6ce46045f9b9", "status": "affected", "versionType": "git"}, {"version": "8b230ed8ec96", "lessThan": "6d20c4044ab4", "status": "affected", "versionType": "git"}, {"version": "8b230ed8ec96", "lessThan": "ab748dd10d87", "status": "affected", "versionType": "git"}, {"version": "8b230ed8ec96", "lessThan": "b0ff0cd0847b", "status": "affected", "versionType": "git"}, {"version": "8b230ed8ec96", "lessThan": "e0f48f51d55f", "status": "affected", "versionType": "git"}, {"version": "8b230ed8ec96", "lessThan": "c9741a03dc8e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/brocade/bna/bna_types.h", "drivers/net/ethernet/brocade/bna/bnad.c"], "versions": [{"version": "2.6.37", "status": "affected"}, {"version": "0", "lessThan": "2.6.37", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.320", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.282", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.224", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.165", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.103", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.44", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.3", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/f121740f69eda4da2de9a20a6687a13593e72540"}, {"url": "https://git.kernel.org/stable/c/c90b1cd7758fd4839909e838ae195d19f8065d76"}, {"url": "https://git.kernel.org/stable/c/6ce46045f9b90d952602e2c0b8886cfadf860bf1"}, {"url": "https://git.kernel.org/stable/c/6d20c4044ab4d0e6a99aa35853e66f0aed5589e3"}, {"url": "https://git.kernel.org/stable/c/ab748dd10d8742561f2980fea08ffb4f0cacfdef"}, {"url": "https://git.kernel.org/stable/c/b0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43"}, {"url": "https://git.kernel.org/stable/c/e0f48f51d55fb187400e9787192eda09fa200ff5"}, {"url": "https://git.kernel.org/stable/c/c9741a03dc8e491e57b95fba0058ab46b7e506da"}], "title": "bna: adjust 'name' buf size of bna_tcb and bna_ccb structures", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-43839", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:08:02.344125Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:33:22.797Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-43839", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:08:02.344125Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:23.077Z"}}], "cna": {"title": "bna: adjust 'name' buf size of bna_tcb and bna_ccb structures", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "8b230ed8ec96", "lessThan": "f121740f69ed", "versionType": "git"}, {"status": "affected", "version": "8b230ed8ec96", "lessThan": "c90b1cd7758f", "versionType": "git"}, {"status": "affected", "version": "8b230ed8ec96", "lessThan": "6ce46045f9b9", "versionType": "git"}, {"status": "affected", "version": "8b230ed8ec96", "lessThan": "6d20c4044ab4", "versionType": "git"}, {"status": "affected", "version": "8b230ed8ec96", "lessThan": "ab748dd10d87", "versionType": "git"}, {"status": "affected", "version": "8b230ed8ec96", "lessThan": "b0ff0cd0847b", "versionType": "git"}, {"status": "affected", "version": "8b230ed8ec96", "lessThan": "e0f48f51d55f", "versionType": "git"}, {"status": "affected", "version": "8b230ed8ec96", "lessThan": "c9741a03dc8e", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/brocade/bna/bna_types.h", "drivers/net/ethernet/brocade/bna/bnad.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.37"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.37", "versionType": "custom"}, {"status": "unaffected", "version": "4.19.320", "versionType": "custom", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.282", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.224", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.165", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.103", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.44", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.3", "versionType": "custom", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/brocade/bna/bna_types.h", "drivers/net/ethernet/brocade/bna/bnad.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/f121740f69eda4da2de9a20a6687a13593e72540"}, {"url": "https://git.kernel.org/stable/c/c90b1cd7758fd4839909e838ae195d19f8065d76"}, {"url": "https://git.kernel.org/stable/c/6ce46045f9b90d952602e2c0b8886cfadf860bf1"}, {"url": "https://git.kernel.org/stable/c/6d20c4044ab4d0e6a99aa35853e66f0aed5589e3"}, {"url": "https://git.kernel.org/stable/c/ab748dd10d8742561f2980fea08ffb4f0cacfdef"}, {"url": "https://git.kernel.org/stable/c/b0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43"}, {"url": "https://git.kernel.org/stable/c/e0f48f51d55fb187400e9787192eda09fa200ff5"}, {"url": "https://git.kernel.org/stable/c/c9741a03dc8e491e57b95fba0058ab46b7e506da"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: adjust 'name' buf size of bna_tcb and bna_ccb structures\n\nTo have enough space to write all possible sprintf() args. Currently\n'name' size is 16, but the first '%s' specifier may already need at\nleast 16 characters, since 'bnad->netdev->name' is used there.\n\nFor '%d' specifiers, assume that they require:\n * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8\n * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX\n is 16\n\nAnd replace sprintf with snprintf.\n\nDetected using the static analysis tool - Svace."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-09-15T17:54:03.237Z"}}}, "cveMetadata": {"cveId": "CVE-2024-43839", "state": "PUBLISHED", "dateUpdated": "2024-09-15T17:54:03.237Z", "dateReserved": "2024-08-17T09:11:59.274Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-17T09:21:55.085Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F33F692E-575D-4F55-A0CC-1A294872D3B8", "versionEndExcluding": "6.1.103", "versionStartIncluding": "2.6.37", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC912330-6B41-4C6B-99AF-F3857FBACB6A", "versionEndExcluding": "6.6.44", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D", "versionEndExcluding": "6.10.3", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: adjust 'name' buf size of bna_tcb and bna_ccb structures\n\nTo have enough space to write all possible sprintf() args. Currently\n'name' size is 16, but the first '%s' specifier may already need at\nleast 16 characters, since 'bnad->netdev->name' is used there.\n\nFor '%d' specifiers, assume that they require:\n * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8\n * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX\n is 16\n\nAnd replace sprintf with snprintf.\n\nDetected using the static analysis tool - Svace."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bna: ajuste el tama\u00f1o del buf 'nombre' de las estructuras bna_tcb y bna_ccb para tener suficiente espacio para escribir todos los argumentos posibles de sprintf(). Actualmente el tama\u00f1o de 'nombre' es 16, pero es posible que el primer especificador '%s' ya necesite al menos 16 caracteres, ya que all\u00ed se usa 'bnad->netdev->name'. Para los especificadores '%d', supongamos que requieren: * 1 car\u00e1cter para la suma 'tx_id + tx_info->tcb[i]->id', BNAD_MAX_TXQ_PER_TX es 8 * 2 caracteres para 'rx_id + rx_info->rx_ctrl[i]. ccb->id', BNAD_MAX_RXP_PER_RX es 16 y reemplace sprintf con snprintf. Detectado utilizando la herramienta de an\u00e1lisis est\u00e1tico - Svace."}], "id": "CVE-2024-43839", "lastModified": "2024-10-30T21:49:21.520", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-08-17T10:15:09.447", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6ce46045f9b90d952602e2c0b8886cfadf860bf1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6d20c4044ab4d0e6a99aa35853e66f0aed5589e3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ab748dd10d8742561f2980fea08ffb4f0cacfdef"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b0ff0cd0847b03c0a0abe20cfa900eabcfcb9e43"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c90b1cd7758fd4839909e838ae195d19f8065d76"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c9741a03dc8e491e57b95fba0058ab46b7e506da"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e0f48f51d55fb187400e9787192eda09fa200ff5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f121740f69eda4da2de9a20a6687a13593e72540"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures", "id": "2305497", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305497"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.6", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "status": "draft"}, "cwe": "CWE-120", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nbna: adjust 'name' buf size of bna_tcb and bna_ccb structures\nTo have enough space to write all possible sprintf() args. Currently\n'name' size is 16, but the first '%s' specifier may already need at\nleast 16 characters, since 'bnad->netdev->name' is used there.\nFor '%d' specifiers, assume that they require:\n* 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8\n* 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_RXP_PER_RX\nis 16\nAnd replace sprintf with snprintf.\nDetected using the static analysis tool - Svace.", "A vulnerability was found in the Linux kernel involving insufficient buffer size in the bna_tcb and bna_ccb structures. The buffer, named name, was originally 16 bytes, which was inadequate for all possible sprintf() arguments, especially when handling %s and %d specifiers. This limitation could potentially lead to buffer overflows."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-43839", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-43839\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-43839\nhttps://lore.kernel.org/linux-cve-announce/2024081729-CVE-2024-43839-ea03@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}