| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: fix possible out-of-bounds in gsm0_receive()\n\nAssuming the following:\n- side A configures the n_gsm in basic option mode\n- side B sends the header of a basic option mode frame with data length 1\n- side A switches to advanced option mode\n- side B sends 2 data bytes, which exceeds gsm->len\n Reason: gsm->len is not used in advanced option mode.\n- side A switches to basic option mode\n- side B keeps sending until gsm0_receive() writes past the end of gsm->buf\n Reason: Neither gsm->state nor gsm->len has been reset after\n reconfiguration.\n\nFix this by changing the comparison of gsm->count against gsm->len from an\nequality test to a less-than test. Also add upper limit checks against the constant MAX_MRU in\ngsm0_receive() and gsm1_receive() to harden against memory corruption of\ngsm->len and gsm->mru.\n\nAll other checks remain as we still need to limit the data according to the\nuser configuration and actual payload size." |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/tty/n_gsm.c" |
| ], |
| "versions": [ |
| { |
| "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0", |
| "lessThan": "9513d4148950b05bc99fa7314dc883cc0e1605e5", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0", |
| "lessThan": "b229bc6c6ea9fe459fc3fa94fd0a27a2f32aca56", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0", |
| "lessThan": "0fb736c9931e02dbc7d9a75044c8e1c039e50f04", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0", |
| "lessThan": "4c267110fc110390704cc065edb9817fdd10ff54", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0", |
| "lessThan": "46f52c89a7e7d2691b97a9728e4591d071ca8abc", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0", |
| "lessThan": "774d83b008eccb1c48c14dc5486e7aa255731350", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0", |
| "lessThan": "f126ce7305fe88f49cdabc6db4168b9318898ea3", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0", |
| "lessThan": "b890d45aaf02b564e6cae2d2a590f9649330857d", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0", |
| "lessThan": "47388e807f85948eefc403a8a5fdc5b406a65d5a", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/tty/n_gsm.c" |
| ], |
| "versions": [ |
| { |
| "version": "2.6.35", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "2.6.35", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.19.316", |
| "lessThanOrEqual": "4.19.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.4.278", |
| "lessThanOrEqual": "5.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.219", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.15.161", |
| "lessThanOrEqual": "5.15.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.1.93", |
| "lessThanOrEqual": "6.1.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.6.33", |
| "lessThanOrEqual": "6.6.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.8.12", |
| "lessThanOrEqual": "6.8.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.9.3", |
| "lessThanOrEqual": "6.9.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.10", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.35", |
| "versionEndExcluding": "4.19.316" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.35", |
| "versionEndExcluding": "5.4.278" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.35", |
| "versionEndExcluding": "5.10.219" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.35", |
| "versionEndExcluding": "5.15.161" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.35", |
| "versionEndExcluding": "6.1.93" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.35", |
| "versionEndExcluding": "6.6.33" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.35", |
| "versionEndExcluding": "6.8.12" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.35", |
| "versionEndExcluding": "6.9.3" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.35", |
| "versionEndExcluding": "6.10" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/9513d4148950b05bc99fa7314dc883cc0e1605e5" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/b229bc6c6ea9fe459fc3fa94fd0a27a2f32aca56" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/0fb736c9931e02dbc7d9a75044c8e1c039e50f04" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/4c267110fc110390704cc065edb9817fdd10ff54" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/46f52c89a7e7d2691b97a9728e4591d071ca8abc" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/774d83b008eccb1c48c14dc5486e7aa255731350" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/f126ce7305fe88f49cdabc6db4168b9318898ea3" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/b890d45aaf02b564e6cae2d2a590f9649330857d" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/47388e807f85948eefc403a8a5fdc5b406a65d5a" |
| } |
| ], |
| "title": "tty: n_gsm: fix possible out-of-bounds in gsm0_receive()", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2024-36016", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |