CVE-2024-26988

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-26988
In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential static_command_line memory overflow We allocate memory of size 'xlen + strlen(boot_command_line) + 1' for static_command_line, but the strings copied into static_command_line are extra_command_line and command_line, rather than extra_command_line and boot_command_line. When strlen(command_line) > strlen(boot_command_line), static_command_line will overflow. This patch just recovers strlen(command_line) which was miss-consolidated with strlen(boot_command_line) in the commit f5c7310ac73e ("init/main: add checks for the return value of memblock_alloc*()")

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/0dc727a4e05400205358a22c3d01ccad2c8e1fe4 Patch
https://git.kernel.org/stable/c/2ef607ea103616aec0289f1b65d103d499fa903a Patch
https://git.kernel.org/stable/c/46dad3c1e57897ab9228332f03e1c14798d2d3b9 Patch
https://git.kernel.org/stable/c/76c2f4d426a5358fced5d5990744d46f10a4ccea Patch
https://git.kernel.org/stable/c/81cf85ae4f2dd5fa3e43021782aa72c4c85558e8 Patch
https://git.kernel.org/stable/c/936a02b5a9630c5beb0353c3085cc49d86c57034 Patch
https://git.kernel.org/stable/c/0dc727a4e05400205358a22c3d01ccad2c8e1fe4 Patch
https://git.kernel.org/stable/c/2ef607ea103616aec0289f1b65d103d499fa903a Patch
https://git.kernel.org/stable/c/46dad3c1e57897ab9228332f03e1c14798d2d3b9 Patch
https://git.kernel.org/stable/c/76c2f4d426a5358fced5d5990744d46f10a4ccea Patch
https://git.kernel.org/stable/c/81cf85ae4f2dd5fa3e43021782aa72c4c85558e8 Patch
https://git.kernel.org/stable/c/936a02b5a9630c5beb0353c3085cc49d86c57034 Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Third Party Advisory Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/ Third Party Advisory Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/ Third Party Advisory Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/ Third Party Advisory Mailing List
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
History

No history.

Information

Published : 2024-05-01 06:15

Updated : 2025-12-23 00:50

NVD link : CVE-2024-26988

Mitre link : CVE-2024-26988

CVE.ORG link : CVE-2024-26988

JSON object : View

Products Affected

debian

  • debian_linux

fedoraproject

  • fedora

linux

  • linux_kernel
CWE
CWE-787

Out-of-bounds Write