CVE-2024-38560

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-38560

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38560.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-38560

Downstream

BELL-CVE-2024-38560

DEBIAN-CVE-2024-38560

DLA-3840-1

DSA-5730-1

OESA-2024-1793

OESA-2024-2076

OESA-2024-2216

OESA-2024-2218

OESA-2024-2258

SUSE-SU-2024:2362-1

SUSE-SU-2024:2365-1

SUSE-SU-2024:2372-1

SUSE-SU-2024:2384-1

SUSE-SU-2024:2385-1

SUSE-SU-2024:2394-1

SUSE-SU-2024:2495-1

SUSE-SU-2024:2571-1

SUSE-SU-2024:2892-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2901-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2940-1

Related

Published

2024-06-19T14:15:16Z

Modified

2025-08-09T19:01:27Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: bfa: Ensure the copied buf is NUL terminated

Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf. Fix this issue by using memdupusernul instead of memdup_user.

References

Affected packages