7.8 CVE-2024-42301

Buffer Overflow Patch

In the Linux kernel, the following vulnerability has been resolved: dev/parport: fix the array out-of-bounds risk Fixed array out-of-bounds issues caused by sprintf by replacing it with snprintf for safer data copying, ensuring the destination buffer is not overflowed. Below is the stack trace I encountered during the actual issue: [ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport] [ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm: QThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2 [ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp [ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun PGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024 [ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace: [ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0 [ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20 [ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c [ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc [ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38 [ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]
https://nvd.nist.gov/vuln/detail/CVE-2024-42301

Categories

CWE-129 : Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. The most common condition situation leading to an out-of-bounds array index is the use of loop index variables as buffer indexes. If the end condition for the loop is subject to a flaw, the index can grow or shrink unbounded, therefore causing a buffer overflow or underflow. Another common situation leading to this condition is the use of a function's return value, or the resulting value of a calculation directly as an index in to a buffer. This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results. Black box methods might not get the needed code coverage within limited time constraints, and a dynamic test might not produce any noticeable side effects even if it is successful. Use an input validation framework such as Struts or the OWASP ESAPI Validation API. Note that using a framework does not automatically address all input validation problems; be mindful of weaknesses that could arise from misusing the framework itself (CWE-1173). Be especially careful to validate all input when invoking code that crosses language boundaries, such as from an interpreted language to native code. This could create an unexpected interaction between the language boundaries. Ensure that you are not violating any of the expectations of the language with which you are interfacing. For example, even though Java may not be susceptible to buffer overflows, providing a large argument in a call to native code might trigger an overflow. Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations. large ID in packet used as array index negative array index as argument to POP LIST command Integer signedness error leads to negative array index product does not properly track a count and a maximum number, which can lead to resultant array index overflow. Chain: device driver for packet-capturing software allows access to an unintended IOCTL with resultant array index error. Chain: array index error (CWE-129) leads to deadlock (CWE-833)

References

416baaa9-dc9f-4396-8d5f-8c081fb06d67 Patch

https://git.kernel.org/stable/c/166a0bddcc27de41fe13f861c8348e8e53e988c8 Patch
https://git.kernel.org/stable/c/47b3dce100778001cd76f7e9188944b5cb27a76d Patch
https://git.kernel.org/stable/c/7789a1d6792af410aa9b39a1eb237ed24fa2170a Patch
https://git.kernel.org/stable/c/7f4da759092a1a6ce35fb085182d02de8cc4cc84 Patch
https://git.kernel.org/stable/c/a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0 Patch
https://git.kernel.org/stable/c/ab11dac93d2d568d151b1918d7b84c2d02bacbd5 Patch
https://git.kernel.org/stable/c/b579ea3516c371ecf59d073772bc45dfd28c8a0e Patch
https://git.kernel.org/stable/c/c719b393374d3763e64900ee19aaed767d5a08d6 Patch

CPE

cpe	start	end
Configuration 1
cpe:2.3:o:linux:linux_kernel::::::::		< 4.19.320
cpe:2.3:o:linux:linux_kernel::::::::	>= 4.20	< 5.4.282
cpe:2.3:o:linux:linux_kernel::::::::	>= 5.5	< 5.10.224
cpe:2.3:o:linux:linux_kernel::::::::	>= 5.11	< 5.15.165
cpe:2.3:o:linux:linux_kernel::::::::	>= 5.16	< 6.1.103
cpe:2.3:o:linux:linux_kernel::::::::	>= 6.2	< 6.6.44
cpe:2.3:o:linux:linux_kernel::::::::	>= 6.7	< 6.10.3

REMEDIATION

Patch

Url
https://git.kernel.org/stable/c/166a0bddcc27de41fe13f861c8348e8e53e988c8
https://git.kernel.org/stable/c/47b3dce100778001cd76f7e9188944b5cb27a76d
https://git.kernel.org/stable/c/7789a1d6792af410aa9b39a1eb237ed24fa2170a
https://git.kernel.org/stable/c/7f4da759092a1a6ce35fb085182d02de8cc4cc84
https://git.kernel.org/stable/c/a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0
https://git.kernel.org/stable/c/ab11dac93d2d568d151b1918d7b84c2d02bacbd5
https://git.kernel.org/stable/c/b579ea3516c371ecf59d073772bc45dfd28c8a0e
https://git.kernel.org/stable/c/c719b393374d3763e64900ee19aaed767d5a08d6

EXPLOITS

Exploit-db.com

id	description	date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits

CAPEC

Common Attack Pattern Enumerations and Classifications

id	description	severity
100	Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice. [Identify target application] The adversary identifies a target application or program to perform the buffer overflow on. Adversaries often look for applications that accept user input and that perform manual memory management. [Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application's buffer. [Craft overflow content] The adversary crafts the content to be injected. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary crafts the payload in such a way that the overwritten return address is replaced with one of the adversary's choosing. [Overflow the buffer] Using the injection vector, the adversary injects the crafted overflow content into the buffer.	Very High

Cybersecurity needs ?

Strengthen software security from the outset with our DevSecOps expertise

Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.

Discover this offer

Soutenez No Hack Me sur Tipeee