Linux · Linux Kernel · CVE-2024-27401
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The issue is in the `packet_buffer_get` function in the Linux kernel's FireWire driver and can lead to a buffer overflow in user space. If the length of the head packet exceeds the provided `user_length`, the function will return 0 to indicate that no data were read and that a larger buffer size is required. This helps prevent user space overflows. The vulnerability can be exploited to cause a denial of service.
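The length check described above, as an added example that is not the kernel's own code: a simplified user-space model of a packet queue whose read function refuses to copy a head packet larger than the caller's buffer. The names `pkt_buf`, `pkt_put`, `pkt_get` and `BUF_CAPACITY`, the one-byte length prefix, and the choice to leave the oversized packet queued are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed user-space model; all names here are hypothetical. */
#define BUF_CAPACITY 64

struct pkt_buf {
    uint8_t data[BUF_CAPACITY]; /* ring of [1-byte length][payload] records */
    size_t head;                /* offset of the oldest record */
    size_t used;                /* bytes currently queued */
};

/* Queue one packet; returns 0 on success, -1 if empty or it does not fit. */
int pkt_put(struct pkt_buf *b, const uint8_t *p, uint8_t len)
{
    if (len == 0 || (size_t)len + 1 > BUF_CAPACITY - b->used)
        return -1;
    size_t tail = (b->head + b->used) % BUF_CAPACITY;
    b->data[tail] = len;
    for (size_t i = 0; i < len; i++)
        b->data[(tail + 1 + i) % BUF_CAPACITY] = p[i];
    b->used += (size_t)len + 1;
    return 0;
}

/* Copy the head packet to out; returns its length, or 0 if nothing was read. */
size_t pkt_get(struct pkt_buf *b, uint8_t *out, size_t user_length)
{
    if (b->used == 0)
        return 0;
    size_t len = b->data[b->head];
    if (len > user_length)      /* caller's buffer too small: copy nothing */
        return 0;
    for (size_t i = 0; i < len; i++)
        out[i] = b->data[(b->head + 1 + i) % BUF_CAPACITY];
    b->head = (b->head + 1 + len) % BUF_CAPACITY;
    b->used -= len + 1;
    return len;
}

int main(void)
{
    struct pkt_buf b = {0};
    uint8_t pkt[8] = {1, 2, 3, 4, 5, 6, 7, 8}, small[4], big[8];
    pkt_put(&b, pkt, sizeof pkt);  /* constructed sample packet */
    printf("4-byte buffer: %zu\n", pkt_get(&b, small, sizeof small));
    printf("8-byte buffer: %zu\n", pkt_get(&b, big, sizeof big));
    return 0;
}
```

Without the `len > user_length` comparison, the copy loop would write the full packet length into a buffer the caller sized for fewer bytes.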
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.