CVE-2024-49995

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58

Description: A string buffer overrun vulnerability has been resolved in the Linux kernel. The issue occurs when copying media name and if name to name parts, which may overwrite the destination. This is due to the use of strcpy() with insufficient buffer size checks, as reported by Smatch. The vulnerable code is located in bearer.c at lines 166 and 167, where media name and if name are too large for name parts->media name and name parts->if name, respectively. The vulnerability was introduced by commit b97bf3fd8f6a ("[TIPC] Initial merge").

Recommendations: For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the vulnerability. As a temporary workaround, consider using strscpy() instead of strcpy() and failing if truncation occurs to prevent buffer overruns. Restrict access to the vulnerable bearer name validate() function until the issue is resolved. Avoid using the media name and if name variables in the affected code paths until the update is applied.