Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen() returns a string length excluding the null byte. If the string length equals to the maximum buffer length, the buffer will have no space for the NULL terminating character. This commit checks this condition and returns failure for it.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.1, < 5.15.170 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/02874ca52df2ca2423ba6122039315ed61c25972
- https://git.kernel.org/stable/c/0b6e2e22cb23105fcb171ab92f0f7516c69c8471Patch
- https://git.kernel.org/stable/c/5e3231b352725ff4a3a0095e6035af674f2d8725
- https://git.kernel.org/stable/c/5fd942598ddeed9a212d1ff41f9f5b47bcc990a7Patch
- https://git.kernel.org/stable/c/a14a075a14af8d622c576145455702591bdde09dPatch
- https://git.kernel.org/stable/c/b86b0d6eea204116e4185acc35041ca4ff11a642Patch
- https://git.kernel.org/stable/c/f4ed40d1c669bba1a54407d8182acdc405683f29Patch
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
FAQ
What is CVE-2024-50131?
CVE-2024-50131 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen() returns a string length excluding the null byte. If...
How severe is CVE-2024-50131?
CVE-2024-50131 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-50131?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.