PT-2024-7734 · Linux+4 · Linux Kernel+4

Daniel Bristot De Oliveira

Published

2024-02-12

Updated

2024-10-25

CVE-2024-26818

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel version 6.8.0-rc3

Description The issue is related to a potential buffer overflow in the fscanf function, which may occur when the mount point variable is used. The warning is reported by clang, indicating that the destination buffer in argument 3 has a size of 1024, but the corresponding specifier may require a size of 1025. To avoid the overflow, the mount point variable size should be increased to MAX PATH+1.

Recommendations Increase the mount point variable size to MAX PATH+1 to avoid the overflow.

Exploit

Fix

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

BDU:2024-09202

CVE-2024-26818

USN-6895-1

USN-6895-2

USN-6895-3

USN-6895-4

USN-6900-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

PT-2024-7734 · Linux+4 · Linux Kernel+4

CVE-2024-26818

Weakness Enumeration

Related Identifiers

Affected Products

References · 139