CVE-2024-26994

speakup: Avoid crash on very long word

Description

In the Linux kernel, the following vulnerability has been resolved: speakup: Avoid crash on very long word In case a console is set up really large and contains a really long word (> 256 characters), we have to stop before the length of the word buffer.

5.9
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.09%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/756c5cb7c09e537b87b5d3acafcb101b2ccf394f
https://git.kernel.org/stable/c/8f6b62125befe1675446923e4171eac2c012959c
https://git.kernel.org/stable/c/6401038acfa24cba9c28cce410b7505efadd0222
https://git.kernel.org/stable/c/0d130158db29f5e0b3893154908cf618896450a8
https://git.kernel.org/stable/c/89af25bd4b4bf6a71295f07e07a8ae7dc03c6595
https://git.kernel.org/stable/c/8defb1d22ba0395b81feb963b96e252b097ba76f
https://git.kernel.org/stable/c/0efb15c14c493263cb3a5f65f5ddfd4603d19a76
https://git.kernel.org/stable/c/c8d2f34ea96ea3bce6ba2535f867f0d4ee3b22e1
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Frequently Asked Questions

What is the severity of CVE-2024-26994?
CVE-2024-26994 has been scored as a medium severity vulnerability.
How to fix CVE-2024-26994?
To fix CVE-2024-26994, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-26994 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-26994 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-26994?
CVE-2024-26994 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.