PT-2024-7069 · Linux+6 · Linux Kernel+6

Lee Jones

·

Published

2024-07-05

·

Updated

2025-09-29

·

CVE-2024-42236

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the usb string copy() function in the Linux kernel's USB gadget configfs module. It involves an out-of-bounds (OOB) read and write when a userspace-provided string has a length of zero. This can lead to a denial of service. The vulnerability arises from the lack of a check for invalid strings that are too short, although there is already a validating check for strings that are too long. The OOB read and write occur in the forms if (str[0 - 1] == ' ') and str[0 - 1] = '0', respectively.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-10465
ALT-PU-2024-11524
ALT-PU-2024-12537
ALT-PU-2024-13979
ALT-PU-2024-14046
AZL-47471
AZL-47621
BDU:2024-08327
CVE-2024-42236
DLA-4008-1
DSA-5747-1
OESA-2024-2028
OESA-2024-2029
OESA-2024-2030
OESA-2024-2031
OESA-2024-2296
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3483-1
SUSE-SU-2024:3189-1
SUSE-SU-2024:3190-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3251-1
SUSE-SU-2024:3252-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3483-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7003-1
USN-7003-2
USN-7003-3
USN-7003-4
USN-7003-5
USN-7006-1
USN-7007-1
USN-7007-2
USN-7007-3
USN-7009-1
USN-7009-2
USN-7019-1
USN-7089-1
USN-7089-2
USN-7089-3
USN-7089-4
USN-7089-5
USN-7089-6
USN-7089-7
USN-7090-1
USN-7095-1
USN-7156-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu