1. Home
  2. Vulnerabilities
  3. CVE-2023-52464

CVE-2023-52464

CVSS v3.1 7.8 (High)
78% Progress
EPSS 0.04 % (5th)
0.04% Progress
Affected Products 1
Advisories 32
NVD Status Modified
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

In the Linux kernel, the following vulnerability has been resolved:

EDAC/thunderx: Fix possible out-of-bounds string access

Enabling -Wstringop-overflow globally exposes a warning for a common bug
in the usage of strncat():

drivers/edac/thunderx_edac.c: In function 'thunderx_ocx_com_threaded_isr':
drivers/edac/thunderx_edac.c:1136:17: error: 'strncat' specified bound 1024 equals destination size [-Werror=stringop-overflow=]
1136 | strncat(msg, other, OCX_MESSAGE_SIZE);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
...
1145 | strncat(msg, other, OCX_MESSAGE_SIZE);
...
1150 | strncat(msg, other, OCX_MESSAGE_SIZE);

...

Apparently the author of this driver expected strncat() to behave the
way that strlcat() does, which uses the size of the destination buffer
as its third argument rather than the length of the source buffer. The
result is that there is no check on the size of the allocated buffer.

Change it to strlcat().

[ bp: Trim compiler output, fixup commit message. ]

Weaknesses
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE Status
PUBLISHED
NVD Status
Modified
CNA
kernel.org
Published Date
2024-02-23 15:15:08
(6 months ago)
Updated Date
2024-06-27 13:15:52
(2 months ago)

Affected Products

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel from 4.12.0 version and prior 4.19.306 version cpe:2.3:o:linux:linux_kernel >= 4.12.0 < 4.19.306
  Linux Kernel from 4.20.0 version and prior 5.4.268 version cpe:2.3:o:linux:linux_kernel >= 4.20.0 < 5.4.268
  Linux Kernel from 5.5.0 version and prior 5.10.209 version cpe:2.3:o:linux:linux_kernel >= 5.5.0 < 5.10.209
  Linux Kernel from 5.11.0 version and prior 5.15.148 version cpe:2.3:o:linux:linux_kernel >= 5.11.0 < 5.15.148
  Linux Kernel from 5.16.0 version and prior 6.1.75 version cpe:2.3:o:linux:linux_kernel >= 5.16.0 < 6.1.75
  Linux Kernel from 6.2.0 version and prior 6.6.14 version cpe:2.3:o:linux:linux_kernel >= 6.2.0 < 6.6.14
  Linux Kernel from 6.7.0 version and prior 6.7.2 version cpe:2.3:o:linux:linux_kernel >= 6.7.0 < 6.7.2