← Back to CVE List

CVE-2024-42236

Published: 2024-08-07T16:15Z
Last Modified: 2024-08-08T14:54Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Userspace provided string 's' could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form `if (str[0 - 1] == '\n') followed closely by an OOB write in the form `str[0 - 1] = '\0'`. There is already a validating check to catch strings that are too long. Let's supply an additional check for invalid strings that are too short. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt