In the Linux kernel, the following vulnerability has been resolved:
octeontx2-af: avoid off-by-one read from userspace
We try to access count + 1 bytes from userspace with `memdup_user(buffer, count + 1)`. However, userspace only provides a buffer of count bytes, and only these count bytes are verified to be okay to access. To ensure the copied buffer is NUL terminated, we use `memdup_user_nul()` instead, which copies exactly count bytes from userspace and appends the terminating NUL in kernel memory.
{ "vanir_signatures": [ { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0a0285cee11c7dcc2657bcd456e469958a5009e7", "signature_type": "Line", "target": { "file": "drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c" }, "deprecated": false, "digest": { "line_hashes": [ "221726158928428964552452994697500947166", "235814961489920695242538310372263679293", "130976211013413057470362896622496622235", "61358132294862794420012144921019775862", "154459949550628574007645824551981660135", "43945223702762134213295653397128922860", "244783167022637498970117629505168355979" ], "threshold": 0.9 }, "id": "CVE-2024-36957-18866cb6" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bcdac70adceb44373da204c3c297f2a98e13216e", "signature_type": "Function", "target": { "function": "rvu_dbg_qsize_write", "file": "drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c" }, "deprecated": false, "digest": { "length": 1020.0, "function_hash": "245544025096214184394678262650474137455" }, "id": "CVE-2024-36957-33140cfd" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fc3e0076c1f82fe981d321e3a7bad4cbee542c19", "signature_type": "Function", "target": { "function": "rvu_dbg_qsize_write", "file": "drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c" }, "deprecated": false, "digest": { "length": 1237.0, "function_hash": "320444459762511642697727111547133903725" }, "id": "CVE-2024-36957-365107ad" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ec697fbd38cbe2eef0948b58673b146caa95402f", "signature_type": "Function", "target": { "function": "rvu_dbg_qsize_write", "file": "drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c" }, "deprecated": false, "digest": { "length": 1237.0, "function_hash": "320444459762511642697727111547133903725" }, "id": 
"CVE-2024-36957-57ae2c78" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f299ee709fb45036454ca11e90cb2810fe771878", "signature_type": "Function", "target": { "function": "rvu_dbg_qsize_write", "file": "drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c" }, "deprecated": false, "digest": { "length": 1237.0, "function_hash": "320444459762511642697727111547133903725" }, "id": "CVE-2024-36957-7044ee26" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bcdac70adceb44373da204c3c297f2a98e13216e", "signature_type": "Line", "target": { "file": "drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c" }, "deprecated": false, "digest": { "line_hashes": [ "209741554038085937235220976059020689729", "235814961489920695242538310372263679293", "130976211013413057470362896622496622235", "61358132294862794420012144921019775862", "154459949550628574007645824551981660135", "43945223702762134213295653397128922860", "244783167022637498970117629505168355979" ], "threshold": 0.9 }, "id": "CVE-2024-36957-a5a894de" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fc3e0076c1f82fe981d321e3a7bad4cbee542c19", "signature_type": "Line", "target": { "file": "drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c" }, "deprecated": false, "digest": { "line_hashes": [ "221726158928428964552452994697500947166", "235814961489920695242538310372263679293", "130976211013413057470362896622496622235", "61358132294862794420012144921019775862", "154459949550628574007645824551981660135", "43945223702762134213295653397128922860", "244783167022637498970117629505168355979" ], "threshold": 0.9 }, "id": "CVE-2024-36957-b1fa1b05" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ec697fbd38cbe2eef0948b58673b146caa95402f", "signature_type": "Line", "target": { "file": 
"drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c" }, "deprecated": false, "digest": { "line_hashes": [ "221726158928428964552452994697500947166", "235814961489920695242538310372263679293", "130976211013413057470362896622496622235", "61358132294862794420012144921019775862", "154459949550628574007645824551981660135", "43945223702762134213295653397128922860", "244783167022637498970117629505168355979" ], "threshold": 0.9 }, "id": "CVE-2024-36957-eb4f07c0" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0a0285cee11c7dcc2657bcd456e469958a5009e7", "signature_type": "Function", "target": { "function": "rvu_dbg_qsize_write", "file": "drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c" }, "deprecated": false, "digest": { "length": 1237.0, "function_hash": "320444459762511642697727111547133903725" }, "id": "CVE-2024-36957-ef7ca999" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f299ee709fb45036454ca11e90cb2810fe771878", "signature_type": "Line", "target": { "file": "drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c" }, "deprecated": false, "digest": { "line_hashes": [ "221726158928428964552452994697500947166", "235814961489920695242538310372263679293", "130976211013413057470362896622496622235", "61358132294862794420012144921019775862", "154459949550628574007645824551981660135", "43945223702762134213295653397128922860", "244783167022637498970117629505168355979" ], "threshold": 0.9 }, "id": "CVE-2024-36957-f8eab9f7" } ] }