Vulnerabilities > CVE-2024-49995 - Unspecified vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun Smatch reports that copying media_name and if_name to name_parts may overwrite the destination. .../bearer.c:166 bearer_name_validate() error: strcpy() 'media_name' too large for 'name_parts->media_name' (32 vs 16) .../bearer.c:167 bearer_name_validate() error: strcpy() 'if_name' too large for 'name_parts->if_name' (1010102 vs 16) This does seem to be the case so guard against this possibility by using strscpy() and failing if truncation occurs. Introduced by commit b97bf3fd8f6a ("[TIPC] Initial merge") Compile tested only.
Vulnerable Configurations
References
- https://git.kernel.org/stable/c/e2b2558971e02ca33eb637a8350d68a48b3e8e46
- https://git.kernel.org/stable/c/54dae0e9063ed23c9acf8d5ab9b18d3426a8ac18
- https://git.kernel.org/stable/c/80c0be7bcf940ce9308311575c3aff8983c9b97a
- https://git.kernel.org/stable/c/12d26aa7fd3cbdbc5149b6e516563478d575026e
- https://git.kernel.org/stable/c/2ed7f42dfd3edb387034128ca5b0f639836d4ddd
- https://git.kernel.org/stable/c/a18c7b239d02aafb791ae2c45226f6bb40641792
- https://git.kernel.org/stable/c/6555a2a9212be6983d2319d65276484f7c5f431a