{ "threat_severity" : "Low", "public_date" : "2024-02-23T00:00:00Z", "bugzilla" : { "description" : "kernel: EDAC/thunderx: Incorrect buffer size in drivers/edac/thunderx_edac.c", "id" : "2265800", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2265800" }, "cvss3" : { "cvss3_base_score" : "2.9", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L", "status" : "verified" }, "cwe" : "CWE-805", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nEDAC/thunderx: Fix possible out-of-bounds string access\nEnabling -Wstringop-overflow globally exposes a warning for a common bug\nin the usage of strncat():\ndrivers/edac/thunderx_edac.c: In function 'thunderx_ocx_com_threaded_isr':\ndrivers/edac/thunderx_edac.c:1136:17: error: 'strncat' specified bound 1024 equals destination size [-Werror=stringop-overflow=]\n1136 | strncat(msg, other, OCX_MESSAGE_SIZE);\n| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n...\n1145 | strncat(msg, other, OCX_MESSAGE_SIZE);\n...\n1150 | strncat(msg, other, OCX_MESSAGE_SIZE);\n...\nApparently the author of this driver expected strncat() to behave the\nway that strlcat() does, which uses the size of the destination buffer\nas its third argument rather than the length of the source buffer. The\nresult is that there is no check on the size of the allocated buffer.\nChange it to strlcat().\n[ bp: Trim compiler output, fixup commit message. ]", "A flaw was found in the Linux Kernel. An improper buffer size is provided to the strncat function, which may result in an out-of-bounds write, leading to memory corruption or a denial of service." ], "statement" : "Because the functions in question pass as arguments static strings with a known size, none of which exceed the size of the allocated buffer, this flaw is not known to be exploitable under any supported scenario.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-07-08T00:00:00Z", "advisory" : "RHSA-2024:4352", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-553.8.1.rt7.349.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-07-02T00:00:00Z", "advisory" : "RHSA-2024:4211", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-553.8.1.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-52464\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52464\nhttps://lore.kernel.org/linux-cve-announce/2024022336-CVE-2023-52464-b17c@gregkh/T/#u" ], "name" : "CVE-2023-52464", "mitigation" : { "value" : "No mitigation is currently available for this vulnerability. Make sure to perform the updates as they become available.", "lang" : "en:us" }, "csaw" : false }