CVE-2024-26736

2024-04-0300:00:00

ubuntu.com

linux

kernel

vulnerability

buffer size

afs

update volume status

overflow

linux verification center

svace

unix

AI Score

7.7

Confidence

High

EPSS

Percentile

10.3%

JSON

In the Linux kernel, the following vulnerability has been resolved: afs:
Increase buffer size in afs_update_volume_status() The max length of
volume->vid value is 20 characters. So increase idbuf[] size up to 24 to
avoid overflow. Found by Linux Verification Center (linuxtesting.org) with
SVACE. [DH: Actually, it’s 20 + NUL, so increase it to 24 and use
snprintf()]

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-226.238UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-186.206UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-112.122UNKNOWN
ubuntu23.10noarchlinux< 6.5.0-44.44UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1169.182UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1126.136UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1063.69UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1063.69~20.04.1UNKNOWN
ubuntu18.04noarchlinux-aws-5.4< 5.4.0-1126.136~18.04.1UNKNOWN
ubuntu22.04noarchlinux-aws-6.5< 6.5.0-1023.23~22.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< 4.15.0-226.238	UNKNOWN
ubuntu	20.04	noarch	linux	< 5.4.0-186.206	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-112.122	UNKNOWN
ubuntu	23.10	noarch	linux	< 6.5.0-44.44	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< 4.15.0-1169.182	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1126.136	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1063.69	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< 5.15.0-1063.69~20.04.1	UNKNOWN
ubuntu	18.04	noarch	linux-aws-5.4	< 5.4.0-1126.136~18.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< 6.5.0-1023.23~22.04.1	UNKNOWN