CVE-2024-38585

Sažetak

In the Linux kernel, the following vulnerability has been resolved: tools/nolibc/stdlib: fix memory error in realloc() Pass user_p_len to memcpy() instead of heap->len to prevent realloc() from copying an extra sizeof(heap) bytes from beyond the allocated region.

Reference

https://git.kernel.org/stable/c/4e6f225aefeb712cdb870176b6621f02cf235b8c
https://git.kernel.org/stable/c/5996b2b2dac739f2a27da13de8eee5b85b2550b3
https://git.kernel.org/stable/c/791f4641142e2aced85de082e5783b4fb0b977c2
https://git.kernel.org/stable/c/8019d3dd921f39a237a9fab6d2ce716bfac0f983
https://git.kernel.org/stable/c/f678c3c336559cf3255a32153e9a17c1be4e7c15
https://git.kernel.org/stable/c/4e6f225aefeb712cdb870176b6621f02cf235b8c
https://git.kernel.org/stable/c/5996b2b2dac739f2a27da13de8eee5b85b2550b3
https://git.kernel.org/stable/c/791f4641142e2aced85de082e5783b4fb0b977c2
https://git.kernel.org/stable/c/8019d3dd921f39a237a9fab6d2ce716bfac0f983
https://git.kernel.org/stable/c/f678c3c336559cf3255a32153e9a17c1be4e7c15

CVSS

Base:	7.1
Impact:	5.2
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Zadnje važnije ažuriranje

17-09-2025 - 21:06

Objavljeno

19-06-2024 - 14:15