CVE-2024-26736

Updated: 2024-07-16 21:09:28.420987

Description:

In the Linux kernel, the following vulnerability has been resolved:

afs: Increase buffer size in afs_update_volume_status()

The max length of volume->vid value is 20 characters. So increase idbuf[] size up to 24 to avoid overflow.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

[DH: Actually, it's 20 + NUL, so increase it to 24 and use snprintf()]


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

CVSS Version      Severity  Score
CVSS Version 2.x  NONE      0
CVSS Version 3.x  MEDIUM    4.7

Status

OS name           Project name  Version  Score  Severity  Status          Errata                Last updated
Ubuntu 16.04 ELS  linux-hwe     4.15.0   4.7    MEDIUM    Released        CLSA-2024:1718951563  2024-06-21 05:19:59
Ubuntu 16.04 ELS  linux         4.4.0    4.7    MEDIUM    Not Vulnerable  -                     2024-07-07 03:02:50
Ubuntu 18.04 ELS  linux         4.15.0   4.7    MEDIUM    Released        CLSA-2024:1718950178  2024-06-21 02:55:56

Statement