Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: firewire: nosy: ensure user_length is taken into account when fetching packet contents Ensure that packet_buffer_get respects the user_length provided. If the length of the head packet exceeds the user_length, packet_buffer_get will now return 0 to signify to the user that no data were read and a larger buffer size is required. Helps prevent user space overflows.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.36, < 4.19.314 |
| Debian | Debian Linux | 10.0 |
| Fedoraproject | Fedora | 39 |
References
- https://git.kernel.org/stable/c/1fe60ee709436550f8cfbab01295936b868d5baaPatch
- https://git.kernel.org/stable/c/38762a0763c10c24a4915feee722d7aa6e73eb98Patch
- https://git.kernel.org/stable/c/4ee0941da10e8fdcdb34756b877efd3282594c1fPatch
- https://git.kernel.org/stable/c/539d51ac48bcfcfa1b3d4a85f8df92fa22c1d41cPatch
- https://git.kernel.org/stable/c/67f34f093c0f7bf33f5b4ae64d3d695a3b978285Patch
- https://git.kernel.org/stable/c/79f988d3ffc1aa778fc5181bdfab312e57956c6bPatch
- https://git.kernel.org/stable/c/7b8c7bd2296e95b38a6ff346242356a2e7190239Patch
- https://git.kernel.org/stable/c/cca330c59c54207567a648357835f59df9a286bbPatch
- https://git.kernel.org/stable/c/1fe60ee709436550f8cfbab01295936b868d5baaPatch
- https://git.kernel.org/stable/c/38762a0763c10c24a4915feee722d7aa6e73eb98Patch
- https://git.kernel.org/stable/c/4ee0941da10e8fdcdb34756b877efd3282594c1fPatch
- https://git.kernel.org/stable/c/539d51ac48bcfcfa1b3d4a85f8df92fa22c1d41cPatch
- https://git.kernel.org/stable/c/67f34f093c0f7bf33f5b4ae64d3d695a3b978285Patch
- https://git.kernel.org/stable/c/79f988d3ffc1aa778fc5181bdfab312e57956c6bPatch
- https://git.kernel.org/stable/c/7b8c7bd2296e95b38a6ff346242356a2e7190239Patch
FAQ
What is CVE-2024-27401?
CVE-2024-27401 is a vulnerability with a CVSS score of 7.1 (HIGH). In the Linux kernel, the following vulnerability has been resolved: firewire: nosy: ensure user_length is taken into account when fetching packet contents Ensure that packet_buffer_get respects the ...
How severe is CVE-2024-27401?
CVE-2024-27401 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-27401?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Fedoraproject Fedora.