CVE-2024-42236

Updated: 2025-11-19 05:26:29.89887

Description:

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Userspace provided string 's' could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form `if (str[0 - 1] == '\n') followed closely by an OOB write in the form `str[0 - 1] = '\0'`. There is already a validating check to catch strings that are too long. Let's supply an additional check for invalid strings that are too short.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 5.5 MEDIUM Ignored 2024-08-12 12:02:07 This flaw is confined to the USB gadget configfs path and is only reachable on systems configured fo...
CentOS 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-08-12 12:02:07 Ignored due to low severity
CentOS 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2024-08-12 12:02:04 Ignored due to low severity
CentOS 8.4 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-08-12 12:02:05 Ignored due to low severity
CentOS 8.5 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-08-12 12:02:05 Ignored due to low severity
CentOS Stream 8 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-08-12 12:02:03 Ignored due to low severity
CloudLinux 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-08-12 12:02:07 Ignored due to low severity
CloudLinux 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2024-08-12 12:02:03 Ignored due to low severity
Oracle Linux 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-08-12 12:02:04 Ignored due to low severity
Oracle Linux 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2024-12-03 12:09:39 Ignored due to low severity
Total: 15