In the Linux kernel, the following vulnerability has been resolved:
init/main.c: Fix potential staticcommandline memory overflow
We allocate memory of size 'xlen + strlen(bootcommandline) + 1' for staticcommandline, but the strings copied into staticcommandline are extracommandline and commandline, rather than extracommandline and bootcommand_line.
When strlen(commandline) > strlen(bootcommandline), staticcommand_line will overflow.
This patch just recovers strlen(commandline) which was miss-consolidated with strlen(bootcommandline) in the commit f5c7310ac73e ("init/main: add checks for the return value of memblockalloc*()")
{ "vanir_signatures": [ { "deprecated": false, "signature_type": "Function", "target": { "file": "init/main.c", "function": "setup_command_line" }, "id": "CVE-2024-26988-0c13c117", "digest": { "length": 1262.0, "function_hash": "148288149016477273280138933132441158108" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@936a02b5a9630c5beb0353c3085cc49d86c57034" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "init/main.c" }, "id": "CVE-2024-26988-12212d94", "digest": { "line_hashes": [ "134165154373422893428646853738334628083", "7311478621643392883850913011629793823", "106233825654800653449484651555485100806" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@936a02b5a9630c5beb0353c3085cc49d86c57034" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "init/main.c", "function": "setup_command_line" }, "id": "CVE-2024-26988-466fa556", "digest": { "length": 1203.0, "function_hash": "4363967448032384703875608578182800859" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@76c2f4d426a5358fced5d5990744d46f10a4ccea" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "init/main.c" }, "id": "CVE-2024-26988-52a46729", "digest": { "line_hashes": [ "134165154373422893428646853738334628083", "7311478621643392883850913011629793823", "106233825654800653449484651555485100806" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2ef607ea103616aec0289f1b65d103d499fa903a" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "init/main.c", "function": "setup_command_line" }, "id": "CVE-2024-26988-7190103f", "digest": { "length": 1262.0, "function_hash": "148288149016477273280138933132441158108" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@46dad3c1e57897ab9228332f03e1c14798d2d3b9" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "init/main.c", "function": "setup_command_line" }, "id": "CVE-2024-26988-a4d6b667", "digest": { "length": 1059.0, "function_hash": "298170871291743098595205777475767638482" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2ef607ea103616aec0289f1b65d103d499fa903a" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "init/main.c" }, "id": "CVE-2024-26988-a70caeec", "digest": { "line_hashes": [ "134165154373422893428646853738334628083", "7311478621643392883850913011629793823", "106233825654800653449484651555485100806" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81cf85ae4f2dd5fa3e43021782aa72c4c85558e8" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "init/main.c" }, "id": "CVE-2024-26988-a9114fd9", "digest": { "line_hashes": [ "134165154373422893428646853738334628083", "7311478621643392883850913011629793823", "106233825654800653449484651555485100806" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0dc727a4e05400205358a22c3d01ccad2c8e1fe4" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "init/main.c", "function": "setup_command_line" }, "id": "CVE-2024-26988-b028c0e9", "digest": { "length": 1262.0, "function_hash": "148288149016477273280138933132441158108" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81cf85ae4f2dd5fa3e43021782aa72c4c85558e8" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "init/main.c", "function": "setup_command_line" }, "id": "CVE-2024-26988-c0b1f651", "digest": { "length": 1203.0, "function_hash": "4363967448032384703875608578182800859" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0dc727a4e05400205358a22c3d01ccad2c8e1fe4" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "init/main.c" }, "id": "CVE-2024-26988-cde1229d", "digest": { "line_hashes": [ "134165154373422893428646853738334628083", "7311478621643392883850913011629793823", "106233825654800653449484651555485100806" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@76c2f4d426a5358fced5d5990744d46f10a4ccea" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "init/main.c" }, "id": "CVE-2024-26988-d7691b6f", "digest": { "line_hashes": [ "134165154373422893428646853738334628083", "7311478621643392883850913011629793823", "106233825654800653449484651555485100806" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@46dad3c1e57897ab9228332f03e1c14798d2d3b9" } ] }