Updated: 2025-04-01
CWE: CWE-120
Description:
In the Linux kernel, the following vulnerability has been resolved: rcu: Fix buffer overflow in print_cpu_stall_info() The rcuc-starvation output from print_cpu_stall_info() might overflow the buffer if there is a huge difference in jiffies difference. The situation might seem improbable, but computers sometimes get very confused about time, which can result in full-sized integers, and, in this case, buffer overflow. Also, the unsigned jiffies difference is printed using %ld, which is normally for signed integers. This is intentional for debugging purposes, but it is not obvious from the code. This commit therefore changes sprintf() to snprintf() and adds a clarifying comment about intention of %ld format. Found by Linux Verification Center (linuxtesting.org) with SVACE. A potential buffer overflow vulnerability was found in print_cpu_stall_info() in the Linux kernel. This issue may lead to a crash.
CVSS3: 7.1
| OS | Vendor version | Errata |
|---|---|---|
| Amazon Linux 2023 | 6.1.94-99.176.amzn2023 | ALAS2023-2024-683 |
| Ubuntu 24.04 | 6.8.0-40.40 | USN-6949-1 |
| OS | Original kernel version | State |
|---|---|---|
| Debian 12 | |
Planned |
| Amazon Linux 2023 | |
Planned |
| Ubuntu 24.04 | |
Planned |