发布时间: 2024年6月28日
修改时间: 2024年7月5日
In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point beyond the buffer's end. Add the buffer overflow check after the 1st snprintf() call and fix such check after the strlen() call (accounting for the terminating NUL char).
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | None |
| Attack Vector | Network | Local |
| CVSS评分 | 9.8 | 5.5 |
| Attack Complexity | Low | Low |
| Privileges Required | None | Low |
| Scope | Unchanged | Unchanged |
| Integrity | High | None |
| User Interaction | None | None |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-3118 | kernel security update | 2024年7月5日 |
| KylinSec-SA-2024-4792 | kernel security update | 2024年6月28日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5A | kernel | Fixed |
| KY3.5.2 | kernel | Fixed |
| KY3.5.2 | kernel | Unaffected |
| V6 | kernel | Fixed |
