CVE-2024-38576

Updated:

Description:

In the Linux kernel, the following vulnerability has been resolved: rcu: Fix buffer overflow in print_cpu_stall_info() The rcuc-starvation output from print_cpu_stall_info() might overflow the buffer if there is a huge difference in jiffies difference. The situation might seem improbable, but computers sometimes get very confused about time, which can result in full-sized integers, and, in this case, buffer overflow. Also, the unsigned jiffies difference is printed using %ld, which is normally for signed integers. This is intentional for debugging purposes, but it is not obvious from the code. This commit therefore changes sprintf() to snprintf() and adds a clarifying comment about intention of %ld format. Found by Linux Verification Center (linuxtesting.org) with SVACE.

CVSS3: 7.1


Vendor State

OS Vendor version Errata
Ubuntu 24.04 6.8.0-40.40 USN-6949-1

KernelCare State

OS Original kernel version State
Debian 12
Planned
Ubuntu 24.04
Planned