vulnerability

Red Hat: CVE-2024-36957: kernel: octeontx2-af: avoid off-by-one read from userspace (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:L/AC:L/Au:M/C:C/I:N/A:N)	May 30, 2024	Jun 27, 2024	Dec 24, 2025

Severity

CVSS

(AV:L/AC:L/Au:M/C:C/I:N/A:N)

Published

May 30, 2024

Added

Jun 27, 2024

Modified

Dec 24, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

octeontx2-af: avoid off-by-one read from userspace

We try to access count + 1 byte from userspace with memdup_user(buffer,
count + 1). However, the userspace only provides buffer of count bytes and
only these count bytes are verified to be okay to access. To ensure the
copied buffer is NUL terminated, we use memdup_user_nul instead.

Solutions

no-fix-redhat-rpm-packageredhat-upgrade-kernelredhat-upgrade-kernel-rt

References

CWE-193
NVD-CVE-2024-36957
REDHAT-RHSA-2024:4106
REDHAT-RHSA-2024:4108
REDHAT-RHSA-2024:4583

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today