CVE-2024-42236

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 7, 2024
Updated: Aug 8, 2024
CWE ID 787

Summary

CVE-2024-42236 is a Linux kernel vulnerability in the USB gadget configfs driver, in the routine that copies a userspace-provided string into a kernel buffer (usb_string_copy()). The userspace string 's' can trivially have length zero. Left unchecked, this results first in an out-of-bounds (OOB) read in the form `if (str[0 - 1] == '\n')`, followed closely by an OOB write in the form `str[0 - 1] = '\0'`, i.e. a one-byte access before the start of the buffer. A check that rejects strings which are too long already existed; the fix adds a second check that rejects strings which are too short (empty).
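The following is an added userspace model of the bug and its fix, written for this page; it is not the kernel's code. It reproduces the shape of usb_string_copy() (copy, then strip one trailing newline via `str[len - 1]`) once without and once with the short-string check. USB_MAX_STRING_LEN is assumed to be the kernel's 126-character limit. To make the out-of-bounds access observable without undefined behaviour, the vulnerable model writes the copy at offset 1 of a caller-supplied buffer so that the `str[-1]` access lands on a guard byte inside the same allocation; the helper names (`guard_after_vulnerable_copy`, `fixed_copy_rc`, `fixed_copy_equals`) are invented for the harness.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Kernel limit for USB string descriptors (include/linux/usb/composite.h);
 * assumed value, reproduced here as a plain constant for the userspace model. */
#define USB_MAX_STRING_LEN 126

/*
 * Model of the pre-fix logic. 'guarded' points at a buffer whose first byte is
 * a guard byte; the copy is written at guarded + 1. For len == 0 the code below
 * evaluates str[-1], which is guarded[0]: the out-of-bounds read sees the guard
 * and the out-of-bounds write clobbers it. Keeping the guard inside the same
 * allocation makes the access observable (and defined) in a userspace harness.
 */
int usb_string_copy_vulnerable(const char *s, char *guarded)
{
    int len = (int)strlen(s);       /* int, as in the kernel: 0 - 1 == -1 */
    char *str = guarded + 1;

    if (len > USB_MAX_STRING_LEN)
        return -EOVERFLOW;          /* the only length check before the fix */

    memcpy(str, s, (size_t)len + 1);
    if (str[len - 1] == '\n')       /* OOB read when len == 0 */
        str[len - 1] = '\0';        /* OOB write when len == 0 */
    return 0;
}

/*
 * Model of the fixed logic: a second length check rejects empty strings, so the
 * trailing-newline strip below can never index before the buffer. The result is
 * heap-allocated and must be freed by the caller.
 */
int usb_string_copy_fixed(const char *s, char **s_copy)
{
    int len = (int)strlen(s);
    char *str;

    if (len > USB_MAX_STRING_LEN)
        return -EOVERFLOW;          /* too long (pre-existing check) */
    if (len < 1)
        return -EINVAL;             /* too short (the CVE-2024-42236 fix) */

    str = malloc(USB_MAX_STRING_LEN + 1);
    if (!str)
        return -ENOMEM;
    memcpy(str, s, (size_t)len + 1);
    if (str[len - 1] == '\n')
        str[len - 1] = '\0';
    *s_copy = str;
    return 0;
}

/* Harness helper: runs the vulnerable copy with a '\n' guard byte in front of
 * the target buffer and returns the guard byte afterwards (-1 if rejected).
 * A return of 0 ('\0') means the guard was overwritten by the OOB write. */
int guard_after_vulnerable_copy(const char *s)
{
    char buf[USB_MAX_STRING_LEN + 2];
    buf[0] = '\n';                  /* guard: what the OOB read will see */
    if (usb_string_copy_vulnerable(s, buf) != 0)
        return -1;
    return buf[0];
}

/* Harness helper: return code of the fixed copy, result discarded. */
int fixed_copy_rc(const char *s)
{
    char *out = NULL;
    int rc = usb_string_copy_fixed(s, &out);
    free(out);
    return rc;
}

/* Harness helper: 1 if the fixed copy succeeds on s and yields 'expected'. */
int fixed_copy_equals(const char *s, const char *expected)
{
    char *out = NULL;
    int ok = usb_string_copy_fixed(s, &out) == 0 && strcmp(out, expected) == 0;
    free(out);
    return ok;
}

int main(void)
{
    /* Constructed inputs: empty, ordinary with a trailing newline, over-long. */
    char long_str[USB_MAX_STRING_LEN + 2];
    memset(long_str, 'A', sizeof long_str - 1);
    long_str[sizeof long_str - 1] = '\0';

    printf("vulnerable, \"\":      guard byte after call = %d (0 = clobbered)\n",
           guard_after_vulnerable_copy(""));
    printf("vulnerable, \"abc\":   guard byte after call = %d\n",
           guard_after_vulnerable_copy("abc"));
    printf("fixed, \"\":           rc = %d (-EINVAL is %d)\n", fixed_copy_rc(""), -EINVAL);
    printf("fixed, \"hello\\n\":    newline stripped = %d\n",
           fixed_copy_equals("hello\n", "hello"));
    printf("fixed, 127 x 'A':     rc = %d (-EOVERFLOW is %d)\n",
           fixed_copy_rc(long_str), -EOVERFLOW);
    return 0;
}
```

The guard byte is set to '\n' deliberately: with the empty string, the vulnerable path reads that byte through `str[-1]`, takes the branch, and writes '\0' over it, which is the read-then-write pair the advisory describes. The fixed path never reaches that code for an empty string because the `len < 1` check returns -EINVAL first; the existing `len > USB_MAX_STRING_LEN` check is unchanged.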

