Bugzilla – Bug 1226778
VUL-0: CVE-2024-38585: kernel: tools/nolibc/stdlib: fix memory error in realloc()
Last modified: 2024-06-24 07:56:09 UTC
In the Linux kernel, the following vulnerability has been resolved:

tools/nolibc/stdlib: fix memory error in realloc()

Pass user_p_len to memcpy() instead of heap->len to prevent realloc() from copying an extra sizeof(heap) bytes from beyond the allocated region.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-38585
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-38585.mbox
https://git.kernel.org/stable/c/5996b2b2dac739f2a27da13de8eee5b85b2550b3
https://git.kernel.org/stable/c/f678c3c336559cf3255a32153e9a17c1be4e7c15
https://git.kernel.org/stable/c/8019d3dd921f39a237a9fab6d2ce716bfac0f983
https://git.kernel.org/stable/c/4e6f225aefeb712cdb870176b6621f02cf235b8c
https://git.kernel.org/stable/c/791f4641142e2aced85de082e5783b4fb0b977c2
https://www.cve.org/CVERecord?id=CVE-2024-38585
https://bugzilla.redhat.com/show_bug.cgi?id=2293404
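The length mix-up described above, as an added model that is not the nolibc source: it contrasts copying heap->len bytes with copying user_p_len bytes when a block grows. The struct layout (a length field covering header plus payload), the helper names and the canary guard placed after each block are assumptions made so the over-read stays inside real memory and can be counted.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Model only: field names follow the CVE text, the layout is an assumption. */
struct heap_hdr {
    size_t len;              /* header + payload, like heap->len in the text */
    unsigned char user_p[];  /* pointer handed to the caller */
};
#define CANARY 0xA5          /* constructed marker for "beyond the region" */
#define HDR(p) ((struct heap_hdr *)((unsigned char *)(p) - offsetof(struct heap_hdr, user_p)))

/* Zeroed block followed by sizeof(header) canary bytes outside the region. */
static void *model_alloc(size_t payload)
{
    struct heap_hdr *h = calloc(1, sizeof(*h) + payload + sizeof(*h));
    if (!h)
        return NULL;
    h->len = sizeof(*h) + payload;
    memset(h->user_p + payload, CANARY, sizeof(*h));
    return h->user_p;
}

/* Grow a block: buggy copies heap->len bytes, fixed copies user_p_len. */
static void *model_realloc(void *old_ptr, size_t new_size, int buggy)
{
    struct heap_hdr *heap = HDR(old_ptr);
    size_t user_p_len = heap->len - sizeof(*heap);
    void *ret;
    if (user_p_len >= new_size)
        return old_ptr;      /* still fits, nothing is copied */
    ret = model_alloc(new_size);
    if (!ret)
        return NULL;
    memcpy(ret, heap->user_p, buggy ? heap->len : user_p_len);
    free(heap);
    return ret;
}

/* Count guard bytes that ended up in the new payload after the old data. */
size_t leaked_bytes(size_t old_size, size_t new_size, int buggy)
{
    unsigned char *p = model_alloc(old_size), *q;
    size_t i, n = 0;
    if (!p) return (size_t)-1;
    memset(p, 0x11, old_size);
    q = model_realloc(p, new_size, buggy);
    if (!q) { free(HDR(p)); return (size_t)-1; }
    for (i = old_size; i < new_size; i++) n += (q[i] == CANARY);
    free(HDR(q));
    return n;
}
```

With the heap->len copy the new buffer picks up exactly sizeof(struct heap_hdr) bytes from past the old block; with user_p_len it picks up none.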
Closing affected branches as WONTFIX since this is a test library, not used in production.