CVE-2024-43839

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.10.2

Description The issue is related to a buffer overflow vulnerability in the Linux kernel, specifically in the bna driver. The vulnerability occurs due to insufficient space in the 'name' buffer of the bna tcb and bna ccb structures to write all possible sprintf() arguments. The 'name' size is currently 16, but the first '%s' specifier may already need at least 16 characters, since 'bnad->netdev->name' is used. For '%d' specifiers, it is assumed that they require 1 char for 'tx id + tx info->tcb[i]->id' sum and 2 chars for 'rx id + rx info->rx ctrl[i].ccb->id'. The vulnerability is resolved by replacing sprintf with snprintf.

Recommendations To resolve the issue, upgrade the Linux kernel to version 6.10.2 or later. As a temporary workaround, consider restricting access to the bna driver until a patch is available.