PT-2024-33962 · Linux+7 · Linux Kernel+7
Published
2024-10-23
·
Updated
2026-02-21
·
CVE-2024-50131
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.61
Description:
The issue arises from the
strlen() function returning a string length that excludes the null byte. If the string length equals the maximum buffer length, the buffer will have no space for the NULL terminating character. This condition is checked, and failure is returned for it. The vulnerability concerns the tracing functionality in the Linux kernel, specifically when validating the event length.Recommendations:
For Linux kernel versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider restricting access to the tracing functionality until a patch is available.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu