{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-50131", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-10-21T19:36:19.955Z", "datePublished": "2024-11-05T17:10:56.981Z", "dateUpdated": "2024-11-08T15:58:44.605Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-08T15:58:44.605Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Consider the NULL character when validating the event length\n\nstrlen() returns a string length excluding the null byte. If the string\nlength equals to the maximum buffer length, the buffer will have no\nspace for the NULL terminating character.\n\nThis commit checks this condition and returns failure for it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/trace/trace_probe.c"], "versions": [{"version": "dec65d79fd26", "lessThan": "5e3231b35272", "status": "affected", "versionType": "git"}, {"version": "dec65d79fd26", "lessThan": "02874ca52df2", "status": "affected", "versionType": "git"}, {"version": "dec65d79fd26", "lessThan": "b86b0d6eea20", "status": "affected", "versionType": "git"}, {"version": "dec65d79fd26", "lessThan": "f4ed40d1c669", "status": "affected", "versionType": "git"}, {"version": "dec65d79fd26", "lessThan": "a14a075a14af", "status": "affected", "versionType": "git"}, {"version": "dec65d79fd26", "lessThan": "5fd942598dde", "status": "affected", "versionType": "git"}, {"version": "dec65d79fd26", "lessThan": "0b6e2e22cb23", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/trace/trace_probe.c"], "versions": [{"version": "5.1", "status": "affected"}, {"version": "0", "lessThan": "5.1", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.285", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.229", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.170", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.115", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.59", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.6", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12-rc5", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/5e3231b352725ff4a3a0095e6035af674f2d8725"}, {"url": "https://git.kernel.org/stable/c/02874ca52df2ca2423ba6122039315ed61c25972"}, {"url": "https://git.kernel.org/stable/c/b86b0d6eea204116e4185acc35041ca4ff11a642"}, {"url": "https://git.kernel.org/stable/c/f4ed40d1c669bba1a54407d8182acdc405683f29"}, {"url": "https://git.kernel.org/stable/c/a14a075a14af8d622c576145455702591bdde09d"}, {"url": "https://git.kernel.org/stable/c/5fd942598ddeed9a212d1ff41f9f5b47bcc990a7"}, {"url": "https://git.kernel.org/stable/c/0b6e2e22cb23105fcb171ab92f0f7516c69c8471"}], "title": "tracing: Consider the NULL character when validating the event length", "x_generator": {"engine": "bippy-9e1c9544281a"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "43F0C645-25E2-4977-90D1-68667F711484", "versionEndExcluding": "5.15.170", "versionStartIncluding": "5.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C08A77A6-E42E-4EFD-B5A1-2BF6CBBB42AE", "versionEndExcluding": "6.1.115", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D15CA59-D15C-4ACD-8B03-A072DEAD2081", "versionEndExcluding": "6.6.59", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4486B12-007B-4794-9857-F07145637AA1", "versionEndExcluding": "6.11.6", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Consider the NULL character when validating the event length\n\nstrlen() returns a string length excluding the null byte. If the string\nlength equals to the maximum buffer length, the buffer will have no\nspace for the NULL terminating character.\n\nThis commit checks this condition and returns failure for it."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo: considerar el car\u00e1cter NULL al validar la longitud del evento strlen() devuelve una longitud de cadena que excluye el byte nulo. Si la longitud de la cadena es igual a la longitud m\u00e1xima del b\u00fafer, el b\u00fafer no tendr\u00e1 espacio para el car\u00e1cter de terminaci\u00f3n NULL. Esta confirmaci\u00f3n verifica esta condici\u00f3n y devuelve un error."}], "id": "CVE-2024-50131", "lastModified": "2024-11-08T16:15:47.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-11-05T18:15:15.917", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/02874ca52df2ca2423ba6122039315ed61c25972"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0b6e2e22cb23105fcb171ab92f0f7516c69c8471"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5e3231b352725ff4a3a0095e6035af674f2d8725"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5fd942598ddeed9a212d1ff41f9f5b47bcc990a7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a14a075a14af8d622c576145455702591bdde09d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b86b0d6eea204116e4185acc35041ca4ff11a642"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f4ed40d1c669bba1a54407d8182acdc405683f29"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: tracing: Consider the NULL character when validating the event length", "id": "2323920", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323920"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ntracing: Consider the NULL character when validating the event length\nstrlen() returns a string length excluding the null byte. If the string\nlength equals to the maximum buffer length, the buffer will have no\nspace for the NULL terminating character.\nThis commit checks this condition and returns failure for it."], "name": "CVE-2024-50131", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-11-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-50131\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-50131\nhttps://lore.kernel.org/linux-cve-announce/2024110558-CVE-2024-50131-0e78@gregkh/T"], "threat_severity": "Moderate"}