CVE-2024-36010

Source
https://cve.org/CVERecord?id=CVE-2024-36010
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36010.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-36010
Downstream
Related
Published
2024-05-22T11:46:32.984Z
Modified
2026-02-05T09:13:49.822584Z
Summary
igb: Fix string truncation warnings in igb_set_fw_version
Details

In the Linux kernel, the following vulnerability has been resolved:

igb: Fix string truncation warnings in igb_set_fw_version

Commit 1978d3ead82c ("intel: fix string truncation warnings") fixes '-Wformat-truncation=' warnings in igb_main.c by using kasprintf.

drivers/net/ethernet/intel/igb/igb_main.c:3092:53: warning: ‘%d’ directive output may be truncated writing between 1 and 5 bytes into a region of size between 1 and 13 [-Wformat-truncation=]
 3092 |                                  "%d.%d, 0x%08x, %d.%d.%d",
      |                                                     ^~
drivers/net/ethernet/intel/igb/igb_main.c:3092:34: note: directive argument in the range [0, 65535]
 3092 |                                  "%d.%d, 0x%08x, %d.%d.%d",
      |                                  ^~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/ethernet/intel/igb/igb_main.c:3092:34: note: directive argument in the range [0, 65535]
drivers/net/ethernet/intel/igb/igb_main.c:3090:25: note: ‘snprintf’ output between 23 and 43 bytes into a destination of size 32

kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure.

Fix this warning by using a larger space for adapter->fw_version, and then fall back and continue to use snprintf.
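
The size arithmetic behind the warning, as an added userspace example (not the kernel's code): it formats the same "%d.%d, 0x%08x, %d.%d.%d" string into a 32-byte destination and into a larger one, and uses the snprintf return value to detect truncation. The struct, function names and the 48-byte size are assumptions made for the illustration; the page gives only the 32-byte size and the 23 to 43 byte range.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FW_VERSION_OLD_SIZE 32  /* destination size quoted in the compiler note */
#define FW_VERSION_NEW_SIZE 48  /* assumed enlarged size; the page gives no number */

/* Hypothetical stand-in for the fields the driver formats. */
struct fw_fields {
    uint16_t eep_major, eep_minor;       /* each in [0, 65535] per the warning */
    uint32_t etrack_id;                  /* printed as 0x%08x */
    uint16_t or_major, or_build, or_patch;
};

/* Constructed sample inputs: shortest and longest possible strings. */
static const struct fw_fields FW_MIN = {0, 0, 0, 0, 0, 0};
static const struct fw_fields FW_MAX = {65535, 65535, 0xffffffffu, 65535, 65535, 65535};

static char old_buf[FW_VERSION_OLD_SIZE];
static char new_buf[FW_VERSION_NEW_SIZE];

/* snprintf never writes past size and NUL-terminates when size > 0;
 * its return value is the length the full string would have had. */
static int fw_version_format(char *dst, size_t size, const struct fw_fields *f)
{
    return snprintf(dst, size, "%d.%d, 0x%08x, %d.%d.%d",
                    f->eep_major, f->eep_minor, (unsigned int)f->etrack_id,
                    f->or_major, f->or_build, f->or_patch);
}

/* Bytes needed including the terminating NUL. */
static size_t fw_version_needed(const struct fw_fields *f)
{
    return (size_t)fw_version_format(NULL, 0, f) + 1;
}

/* Returns 1 when the whole string was stored, 0 when it was cut short. */
static int fw_version_store(char *dst, size_t size, const struct fw_fields *f)
{
    int n = fw_version_format(dst, size, f);
    return n >= 0 && (size_t)n < size;
}

int main(void)
{
    printf("needed: %zu..%zu bytes\n", fw_version_needed(&FW_MIN), fw_version_needed(&FW_MAX));
    printf("32-byte store ok: %d -> \"%s\"\n", fw_version_store(old_buf, sizeof old_buf, &FW_MAX), old_buf);
    printf("48-byte store ok: %d -> \"%s\"\n", fw_version_store(new_buf, sizeof new_buf, &FW_MAX), new_buf);
    return 0;
}
```

With a fixed buffer the worst outcome is a shortened but still NUL-terminated string, whereas a kasprintf() result has to be checked for NULL before every use.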

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36010.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1978d3ead82c8e39d739dd4e19b1ea7bf923dfb4
Fixed
c56d055893cbe97848611855d1c97d0ab171eccc

Affected versions

v6.*
v6.6
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8-rc1
v6.8-rc2
v6.8-rc3

Database specific

vanir_signatures
[
    {
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c56d055893cbe97848611855d1c97d0ab171eccc",
        "id": "CVE-2024-36010-27e43580",
        "target": {
            "file": "drivers/net/ethernet/intel/igb/igb_main.c"
        },
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c56d055893cbe97848611855d1c97d0ab171eccc",
        "id": "CVE-2024-36010-4db259b5",
        "target": {
            "file": "drivers/net/ethernet/intel/igb/igb.h"
        },
        "digest": {
            "line_hashes": [
                "125595118803634832199479164266113741248",
                "140627989249046612409521222511842073275",
                "212089901026090760128748525419434394391",
                "291724317741557241088120606789350993947"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c56d055893cbe97848611855d1c97d0ab171eccc",
        "id": "CVE-2024-36010-b6890ff4",
        "target": {
            "file": "drivers/net/ethernet/intel/igb/igb_main.c",
            "function": "igb_set_fw_version"
        },
        "digest": {
            "function_hash": "329462038803968418167468448238591111362",
            "length": 908.0
        },
        "signature_type": "Function",
        "signature_version": "v1"
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36010.json"