CVE-2024-35823: vt: fix unicode buffer corruption when deleting characters
In the Linux kernel, the following vulnerability has been resolved:
vt: fix unicode buffer corruption when deleting characters
The Linux kernel CVE team has assigned CVE-2024-35823 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051745-CVE-2024-35823-1e69@gregkh/T
Other sources
In the Linux kernel, the following vulnerability has been resolved:
vt: fix unicode buffer corruption when deleting characters
This is the same issue that was fixed for the VGA text buffer in commit 39cdb68c64d8 ("vt: fix memory overlapping when deleting chars in the buffer"). The cure is also the same, i.e. replace memcpy() with memmove() due to the overlapping buffers.
— NVD
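The overlap behind this fix, shown as an added example that is not kernel code and not part of the advisory: deleting cells shifts the tail of a line left inside the same array, so source and destination regions overlap. The line width, the function names and the high-to-low copy standing in for one permitted memcpy() strategy are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define COLS 8  /* constructed line width, not a kernel value */

/* Models a memcpy() that copies from the highest address down. That is a
 * legal strategy for memcpy(), which assumes the regions do not overlap. */
static void copy_high_to_low(uint32_t *dst, const uint32_t *src, size_t n)
{
    while (n--)
        dst[n] = src[n];
}

/* Delete nr cells at column x: shift the tail left, blank the freed cells.
 * use_memmove selects the fixed behaviour; 0 selects the modelled memcpy. */
static void delete_chars(uint32_t *line, size_t x, size_t nr, int use_memmove)
{
    if (x >= COLS)
        return;
    if (nr > COLS - x)
        nr = COLS - x;                 /* clamp to the end of the line */
    size_t tail = COLS - x - nr;       /* cells that move left */

    if (use_memmove)
        memmove(&line[x], &line[x + nr], tail * sizeof(*line));
    else
        copy_high_to_low(&line[x], &line[x + nr], tail);
    for (size_t i = COLS - nr; i < COLS; i++)
        line[i] = ' ';
}

/* Runs one delete on the constructed line "ABCDEFGH" and returns 1 if the
 * result equals expected (exactly COLS characters). */
static int delete_matches(size_t x, size_t nr, int use_memmove, const char *expected)
{
    uint32_t line[COLS];
    for (size_t i = 0; i < COLS; i++)
        line[i] = (uint32_t)"ABCDEFGH"[i];
    delete_chars(line, x, nr, use_memmove);
    for (size_t i = 0; i < COLS; i++)
        if (line[i] != (uint32_t)(unsigned char)expected[i])
            return 0;
    return 1;
}

int main(void)
{
    printf("memmove gives ADEFGH: %d\n", delete_matches(1, 2, 1, "ADEFGH  "));
    printf("overlapping copy gives AHGHGH: %d\n", delete_matches(1, 2, 0, "AHGHGH  "));
    return 0;
}
```

Because memcpy() on overlapping regions is undefined behaviour, the corrupted pattern on a real system depends on the copy strategy the implementation picks; memmove() is the only call that guarantees the shifted tail survives intact.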
Frequently Asked Questions
What is the severity of CVE-2024-35823?
The severity of CVE-2024-35823 is classified as moderate.
How do I fix CVE-2024-35823?
To fix CVE-2024-35823, update the Linux kernel to a version that is patched, such as 4.19.312, 5.4.274, or later versions.
Which Linux kernel versions are affected by CVE-2024-35823?
CVE-2024-35823 affects various kernel versions including any prior to 4.19.312, 5.4.274, 5.10.215, 5.15.154, 6.1.84, 6.6.24, and 6.7.12.
Is CVE-2024-35823 specific to any Linux distributions?
CVE-2024-35823 has been identified in the Linux kernel and pertains to multiple distributions, including Red Hat and Debian.
What type of vulnerability is CVE-2024-35823?
CVE-2024-35823 is a buffer corruption vulnerability related to unicode handling in the Linux kernel.