CVE - CVE-2024-36016

CVE-ID
CVE-2024-36016	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to advanced option mode - side B sends 2 data bytes which exceeds gsm->len Reason: gsm->len is not used in advanced option mode. - side A switches to basic option mode - side B keeps sending until gsm0_receive() writes past gsm->buf Reason: Neither gsm->state nor gsm->len have been reset after reconfiguration. Fix this by changing gsm->count to gsm->len comparison from equal to less than. Also add upper limit checks against the constant MAX_MRU in gsm0_receive() and gsm1_receive() to harden against memory corruption of gsm->len and gsm->mru. All other checks remain as we still need to limit the data according to the user configuration and actual payload size.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/0fb736c9931e02dbc7d9a75044c8e1c039e50f04 URL:https://git.kernel.org/stable/c/0fb736c9931e02dbc7d9a75044c8e1c039e50f04 MISC:https://git.kernel.org/stable/c/46f52c89a7e7d2691b97a9728e4591d071ca8abc URL:https://git.kernel.org/stable/c/46f52c89a7e7d2691b97a9728e4591d071ca8abc MISC:https://git.kernel.org/stable/c/47388e807f85948eefc403a8a5fdc5b406a65d5a URL:https://git.kernel.org/stable/c/47388e807f85948eefc403a8a5fdc5b406a65d5a MISC:https://git.kernel.org/stable/c/4c267110fc110390704cc065edb9817fdd10ff54 URL:https://git.kernel.org/stable/c/4c267110fc110390704cc065edb9817fdd10ff54 MISC:https://git.kernel.org/stable/c/774d83b008eccb1c48c14dc5486e7aa255731350 URL:https://git.kernel.org/stable/c/774d83b008eccb1c48c14dc5486e7aa255731350 MISC:https://git.kernel.org/stable/c/9513d4148950b05bc99fa7314dc883cc0e1605e5 URL:https://git.kernel.org/stable/c/9513d4148950b05bc99fa7314dc883cc0e1605e5 MISC:https://git.kernel.org/stable/c/b229bc6c6ea9fe459fc3fa94fd0a27a2f32aca56 URL:https://git.kernel.org/stable/c/b229bc6c6ea9fe459fc3fa94fd0a27a2f32aca56 MISC:https://git.kernel.org/stable/c/b890d45aaf02b564e6cae2d2a590f9649330857d URL:https://git.kernel.org/stable/c/b890d45aaf02b564e6cae2d2a590f9649330857d MISC:https://git.kernel.org/stable/c/f126ce7305fe88f49cdabc6db4168b9318898ea3 URL:https://git.kernel.org/stable/c/f126ce7305fe88f49cdabc6db4168b9318898ea3 MLIST:[debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update URL:https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Assigning CNA
kernel.org
Date Record Created
20240517	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240517)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)