In the Linux kernel, the following vulnerability has been resolved:
scsi: qedf: Ensure the copied buf is NUL terminated
Currently, we allocate a count-sized kernel buffer and copy count bytes from userspace to that buffer. Later, we use kstrtouint on this buffer, but we don't ensure that the string is NUL-terminated inside the buffer. Because kstrtouint expects a NUL-terminated string, this can lead to an out-of-bounds (OOB) read past the end of the allocation. Fix this issue by using memdup_user_nul instead of memdup_user.
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@563e609275927c0b75fbfd0d90441543aa7b5e0d",
"target": {
"file": "drivers/scsi/qedf/qedf_debugfs.c"
},
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-38559-108ece64",
"digest": {
"line_hashes": [
"260928844501890140479183255918780860731",
"171022941439536968635068802453684793355",
"289938909415365621076931244951204499392",
"169115983075687269653763243436106699343"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dccd97b39ab2f2b1b9a47a1394647a4d65815255",
"target": {
"file": "drivers/scsi/qedf/qedf_debugfs.c"
},
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-38559-1f7387ca",
"digest": {
"line_hashes": [
"260928844501890140479183255918780860731",
"171022941439536968635068802453684793355",
"289938909415365621076931244951204499392",
"169115983075687269653763243436106699343"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d93318f19d1e1a6d5f04f5d965eaa9055bb7c613",
"target": {
"file": "drivers/scsi/qedf/qedf_debugfs.c"
},
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-38559-2d8a4a74",
"digest": {
"line_hashes": [
"260928844501890140479183255918780860731",
"171022941439536968635068802453684793355",
"289938909415365621076931244951204499392",
"169115983075687269653763243436106699343"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8",
"target": {
"file": "drivers/scsi/qedf/qedf_debugfs.c"
},
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-38559-412e9513",
"digest": {
"line_hashes": [
"260928844501890140479183255918780860731",
"171022941439536968635068802453684793355",
"289938909415365621076931244951204499392",
"169115983075687269653763243436106699343"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d0184a375ee797eb657d74861ba0935b6e405c62",
"target": {
"file": "drivers/scsi/qedf/qedf_debugfs.c"
},
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-38559-584d471f",
"digest": {
"line_hashes": [
"260928844501890140479183255918780860731",
"171022941439536968635068802453684793355",
"289938909415365621076931244951204499392",
"169115983075687269653763243436106699343"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1f84a2744ad813be23fc4be99fb74bfb24aadb95",
"target": {
"file": "drivers/scsi/qedf/qedf_debugfs.c"
},
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-38559-6476f1f0",
"digest": {
"line_hashes": [
"260928844501890140479183255918780860731",
"171022941439536968635068802453684793355",
"289938909415365621076931244951204499392",
"169115983075687269653763243436106699343"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@177f43c6892e6055de6541fe9391a8a3d1f95fc9",
"target": {
"file": "drivers/scsi/qedf/qedf_debugfs.c"
},
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-38559-94ec895a",
"digest": {
"line_hashes": [
"260928844501890140479183255918780860731",
"171022941439536968635068802453684793355",
"289938909415365621076931244951204499392",
"169115983075687269653763243436106699343"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a75001678e1d38aa607d5b898ec7ff8ed0700d59",
"target": {
"file": "drivers/scsi/qedf/qedf_debugfs.c"
},
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-38559-e28c966d",
"digest": {
"line_hashes": [
"260928844501890140479183255918780860731",
"171022941439536968635068802453684793355",
"289938909415365621076931244951204499392",
"169115983075687269653763243436106699343"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@769b9fd2af02c069451fe9108dba73355d9a021c",
"target": {
"file": "drivers/scsi/qedf/qedf_debugfs.c"
},
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-38559-fc23b601",
"digest": {
"line_hashes": [
"260928844501890140479183255918780860731",
"171022941439536968635068802453684793355",
"289938909415365621076931244951204499392",
"169115983075687269653763243436106699343"
],
"threshold": 0.9
},
"signature_type": "Line"
}
]