CVE-2024-38579: crypto: bcm - Fix pointer arithmetic
In the Linux kernel, the following vulnerability has been resolved:
crypto: bcm - Fix pointer arithmetic
In spu2_dump_omd() the value of ptr is increased by ciph_key_len instead of hash_iv_len, which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key_len to hash_iv_len.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
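The defect described above is a cursor advanced by the wrong field length while walking a packed metadata block. The following C program is an added illustration, not code from the kernel or from the bcm driver: it models the OMD block as four back-to-back fields (hash key, cipher key, hash IV, cipher IV; this layout and the sample lengths are constructed), walks it once with the corrected increment and once with the buggy one, and bounds-checks every field before reading it so the buggy walk is stopped rather than read past the buffer. The bounds check on each field goes beyond the one-line upstream fix; it is shown here as the defensive pattern a dump routine should use.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed, simplified model of the OMD (output metadata) block that the
 * kernel's spu2_dump_omd() prints: four variable-length fields back to back.
 *   [hash key][cipher key][hash IV][cipher IV]
 * Field lengths are supplied by the caller, as they are in the kernel. */
struct omd_lens {
    size_t hash_key_len;
    size_t ciph_key_len;
    size_t hash_iv_len;
    size_t ciph_iv_len;
};

#define OMD_OVERRUN ((size_t)-1)

/* Print one field at offset `off`, but only if it fits inside omd_len.
 * Offsets rather than raw pointers are used so an out-of-range cursor can be
 * compared safely. Returns false when the field would run past the end. */
static bool dump_field(const char *name, const uint8_t *omd, size_t omd_len,
                       size_t off, size_t len)
{
    if (off > omd_len || omd_len - off < len) {
        fprintf(stderr, "%s: %zu bytes at offset %zu exceed %zu-byte buffer\n",
                name, len, off, omd_len);
        return false;
    }
    printf("%s:", name);
    for (size_t i = 0; i < len; i++)
        printf(" %02x", omd[off + i]);
    printf("\n");
    return true;
}

/* Walk and dump all four fields. `fixed` selects the corrected increment
 * after the hash IV (hash_iv_len) instead of the buggy one (ciph_key_len).
 * Returns the final cursor offset, or OMD_OVERRUN if any field would be
 * read outside the buffer. */
static size_t dump_omd(const uint8_t *omd, size_t omd_len,
                       const struct omd_lens *l, bool fixed)
{
    size_t off = 0;

    if (!dump_field("hash key", omd, omd_len, off, l->hash_key_len))
        return OMD_OVERRUN;
    off += l->hash_key_len;

    if (!dump_field("cipher key", omd, omd_len, off, l->ciph_key_len))
        return OMD_OVERRUN;
    off += l->ciph_key_len;

    if (!dump_field("hash IV", omd, omd_len, off, l->hash_iv_len))
        return OMD_OVERRUN;
    /* The CVE-2024-38579 defect: the cursor was advanced by ciph_key_len
     * here instead of by the length of the field just printed. */
    off += fixed ? l->hash_iv_len : l->ciph_key_len;

    if (!dump_field("cipher IV", omd, omd_len, off, l->ciph_iv_len))
        return OMD_OVERRUN;
    off += l->ciph_iv_len;

    return off;
}

/* Constructed sample: 8 + 32 + 4 + 16 = 60 bytes, filled with a byte pattern.
 * demo_fixed() returns 60; demo_buggy() returns OMD_OVERRUN because the buggy
 * increment puts the cursor at offset 72 before the 16-byte cipher IV. */
static size_t run_demo(bool fixed)
{
    uint8_t omd[60];
    for (size_t i = 0; i < sizeof omd; i++)
        omd[i] = (uint8_t)i;
    struct omd_lens l = { 8, 32, 4, 16 };
    return dump_omd(omd, sizeof omd, &l, fixed);
}

static size_t demo_fixed(void) { return run_demo(true); }
static size_t demo_buggy(void) { return run_demo(false); }

int main(void)
{
    size_t good = demo_fixed();
    size_t bad = demo_buggy();
    printf("fixed walk ended at offset %zu; buggy walk %s\n", good,
           bad == OMD_OVERRUN ? "was stopped by the bounds check"
                              : "did not overrun");
    return 0;
}
```

One caveat the walk makes visible: when ciph_key_len happens to equal hash_iv_len the buggy increment lands on the correct offset and nothing is read out of bounds, which is one reason a defect of this kind can sit unnoticed in a debug path until a static analyser such as the one credited above flags it.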
Other sources
In the Linux kernel, the following vulnerability has been resolved:
crypto: bcm - Fix pointer arithmetic
The Linux kernel CVE team has assigned CVE-2024-38579 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024061947-CVE-2024-38579-e96a@gregkh/T
— Red Hat
Linux Kernel is vulnerable to a denial of service, caused by a flaw in Crypto: Bcm. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
— IBM
Frequently Asked Questions
What is the severity of CVE-2024-38579?
CVE-2024-38579 has a medium severity rating due to potential buffer overflows in the Linux kernel.
How do I fix CVE-2024-38579?
To fix CVE-2024-38579, update your Linux kernel to one of the patched versions listed, such as 4.19.316 or 6.10.
What software is affected by CVE-2024-38579?
CVE-2024-38579 affects various versions of the Linux kernel, particularly those below the patched versions specified.
When was CVE-2024-38579 disclosed?
CVE-2024-38579 was disclosed as a vulnerability in the Linux kernel related to improper pointer arithmetic.
What potential issues does CVE-2024-38579 cause?
CVE-2024-38579 can lead to buffer boundary overflows, which may allow attackers to execute arbitrary code.