CVE-2024-36935: ice: ensure the copied buf is NUL terminated

Description

In the Linux kernel, the following vulnerability has been resolved:

ice: ensure the copied buf is NUL terminated

Currently, we allocate a count-sized kernel buffer and copy count bytes
from userspace to that buffer. Later, we use sscanf on this buffer but we
don't ensure that the string is terminated inside the buffer, this can lead
to OOB read when using sscanf. Fix this issue by using memdup_user_nul
instead of memdup_user.

Classification

CVE ID: CVE-2024-36935

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://git.kernel.org/stable/c/5ff4de981983ed84f29b5d92b6550ec054e12a92
https://git.kernel.org/stable/c/666854ea9cad844f75a068f32812a2d78004914a

Timeline

2024-12-20 00:38:22 UTC
CVE

ice: ensure the copied buf is NUL terminated