CVE-2024-38587

Published Jun 19, 2024

Last updated 15 days ago

CVSS medium 5.3

Overview

Description: In the Linux kernel, the following vulnerability has been resolved: speakup: Fix sizeof() vs ARRAY_SIZE() bug The "buf" pointer is an array of u16 values. This code should be using ARRAY_SIZE() (which is 256) instead of sizeof() (which is 512), otherwise it can the still got out of bounds.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-129

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3A3E00C-AF83-424B-8A6F-F779432C5C82",
            "versionEndExcluding": "4.19.316",
            "versionStartIncluding": "4.19.313"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "466FC42E-75FE-4FDC-82C6-15C3FDE27AE2",
            "versionEndExcluding": "5.4.278",
            "versionStartIncluding": "5.4.275"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "148141E6-8BE1-411A-8827-03B1166336F6",
            "versionEndExcluding": "5.10.219",
            "versionStartIncluding": "5.10.216"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B654D858-BF90-4D2D-AF2D-A2DD8EC29BA6",
            "versionEndExcluding": "5.15.161",
            "versionStartIncluding": "5.15.157"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EF60D2B-5C71-49D4-92A0-0B21749968AB",
            "versionEndExcluding": "6.1.93",
            "versionStartIncluding": "6.1.88"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B20F2535-E6A9-4C11-B5CE-3CE990AD9C22",
            "versionEndExcluding": "6.6.33",
            "versionStartIncluding": "6.6.29"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30D1CFCA-A043-4D33-9686-31B2A044DE2F",
            "versionEndExcluding": "6.8.12",
            "versionStartIncluding": "6.8.8"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E07124C1-19E8-4D21-828D-9932A01D3011",
            "versionEndExcluding": "6.9.3",
            "versionStartIncluding": "6.9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References