UBUNTU-CVE-2024-36016

Description

In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to advanced option mode - side B sends 2 data bytes which exceeds gsm->len Reason: gsm->len is not used in advanced option mode. - side A switches to basic option mode - side B keeps sending until gsm0_receive() writes past gsm->buf Reason: Neither gsm->state nor gsm->len have been reset after reconfiguration. Fix this by changing gsm->count to gsm->len comparison from equal to less than. Also add upper limit checks against the constant MAX_MRU in gsm0_receive() and gsm1_receive() to harden against memory corruption of gsm->len and gsm->mru. All other checks remain as we still need to limit the data according to the user configuration and actual payload size.

CVSS Metrics

• v3.1•HIGH•Score: 7.7CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Systems

• ubuntu•linux

  all | < 4.4.0-257.291 | < 4.15.0-227.239 | < 5.4.0-190.210 | < 5.15.0-117.127 | < 6.8.0-39.39

• ubuntu•linux-allwinner-5.19

  all

• ubuntu•linux-aws

  < 4.4.0-1134.140 | < 4.4.0-1172.187 | < 4.15.0-1170.183 | < 5.4.0-1129.139 | < 5.15.0-1066.72 | < 6.8.0-1012.13

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.11

  all

• ubuntu•linux-aws-5.13

  all

• ubuntu•linux-aws-5.15

  < 5.15.0-1066.72~20.04.1

• ubuntu•linux-aws-5.19

  all

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.4

  < 5.4.0-1129.139~18.04.1

• ubuntu•linux-aws-5.8

  all

• ubuntu•linux-aws-6.2

  all

• ubuntu•linux-aws-6.5

  all

• ubuntu•linux-aws-6.8

  < 6.8.0-1013.14~22.04.1

• ubuntu•linux-aws-fips

  < 4.15.0-2109.115 | all | < 5.4.0-1129.139+fips1 | < 5.15.0-1066.72+fips1

• ubuntu•linux-aws-hwe

  < 4.15.0-1170.183~16.04.1

• ubuntu•linux-azure

  < 4.15.0-1179.194~14.04.1 | < 4.15.0-1179.194~16.04.1 | all | < 5.4.0-1134.141 | < 5.15.0-1070.79 | < 6.8.0-1012.14

• ubuntu•linux-azure-4.15

  < 4.15.0-1179.194

• ubuntu•linux-azure-5.11

  all

• ubuntu•linux-azure-5.13

  all

• ubuntu•linux-azure-5.15

  < 5.15.0-1070.79~20.04.1

• ubuntu•linux-azure-5.19

  all

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.4

  < 5.4.0-1134.141~18.04.1

• ubuntu•linux-azure-5.8

  all

• ubuntu•linux-azure-6.2

  all

• ubuntu•linux-azure-6.5

  all

• ubuntu•linux-azure-6.8

  < 6.8.0-1012.14~22.04.1

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fde

  all | < 5.15.0-1070.79.1

• ubuntu•linux-azure-fde-5.19

  all

• ubuntu•linux-azure-fde-6.2

  all

• ubuntu•linux-azure-fips

  < 4.15.0-2088.94 | all | < 5.4.0-1134.141+fips1 | < 5.15.0-1070.79+fips1

• ubuntu•linux-bluefield

  < 5.15.0-1048.50 | < 5.4.0-1089.96 | < 5.15.0-1048.50 | all

• ubuntu•linux-fips

  < 4.4.0-1103.110 | all | < 4.15.0-1125.136 | < 5.4.0-1103.113 | < 5.15.0-117.127+fips1 | < 6.8.0-78.78+fips1

• ubuntu•linux-gcp

  < 4.15.0-1164.181~16.04.1 | all | < 5.4.0-1133.142 | < 5.15.0-1065.73 | < 6.8.0-1011.12

• ubuntu•linux-gcp-4.15

  < 4.15.0-1164.181

• ubuntu•linux-gcp-5.11

  all

• ubuntu•linux-gcp-5.13

  all

• ubuntu•linux-gcp-5.15

  < 5.15.0-1065.73~20.04.1

• ubuntu•linux-gcp-5.19

  all

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.4

  < 5.4.0-1133.142~18.04.1

• ubuntu•linux-gcp-5.8

  all

• ubuntu•linux-gcp-6.2

  all

• ubuntu•linux-gcp-6.5

  all

• ubuntu•linux-gcp-6.8

  < 6.8.0-1011.12~22.04.1

• ubuntu•linux-gcp-fips

  < 4.15.0-2072.77 | all | < 5.4.0-1133.142+fips1 | < 5.15.0-1065.73+fips1

• ubuntu•linux-gke

  all | < 5.15.0-1063.69 | < 6.8.0-1007.10

• ubuntu•linux-gke-4.15

  all

Showing first 50 affected entries in server-rendered view.

References (22)

• https://ubuntu.com/security/CVE-2024-36016
• https://www.cve.org/CVERecord?id=CVE-2024-36016
• https://git.kernel.org/linus/47388e807f85948eefc403a8a5fdc5b406a65d5a
• https://git.kernel.org/stable/c/47388e807f85948eefc403a8a5fdc5b406a65d5a
• https://ubuntu.com/security/notices/USN-6923-1
• https://ubuntu.com/security/notices/USN-6921-1
• https://ubuntu.com/security/notices/USN-6924-1
• https://ubuntu.com/security/notices/USN-6926-1
• https://ubuntu.com/security/notices/USN-6921-2
• https://ubuntu.com/security/notices/USN-6923-2
• https://ubuntu.com/security/notices/USN-6927-1
• https://ubuntu.com/security/notices/USN-6924-2
• https://ubuntu.com/security/notices/USN-6938-1
• https://ubuntu.com/security/notices/USN-6926-2
• https://ubuntu.com/security/notices/USN-6952-1
• https://ubuntu.com/security/notices/USN-6953-1
• https://ubuntu.com/security/notices/USN-6926-3
• https://ubuntu.com/security/notices/USN-6956-1
• https://ubuntu.com/security/notices/USN-6957-1
• https://ubuntu.com/security/notices/USN-6952-2
• https://ubuntu.com/security/notices/USN-6979-1
• https://ubuntu.com/security/notices/USN-7019-1