CVE-2024-50131

tracing: Consider the NULL character when validating the event length

Description

In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen() returns a string length excluding the null byte. If the string length equals to the maximum buffer length, the buffer will have no space for the NULL terminating character. This commit checks this condition and returns failure for it.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/5e3231b352725ff4a3a0095e6035af674f2d8725
https://git.kernel.org/stable/c/02874ca52df2ca2423ba6122039315ed61c25972
https://git.kernel.org/stable/c/b86b0d6eea204116e4185acc35041ca4ff11a642 patch
https://git.kernel.org/stable/c/f4ed40d1c669bba1a54407d8182acdc405683f29 patch
https://git.kernel.org/stable/c/a14a075a14af8d622c576145455702591bdde09d patch
https://git.kernel.org/stable/c/5fd942598ddeed9a212d1ff41f9f5b47bcc990a7 patch
https://git.kernel.org/stable/c/0b6e2e22cb23105fcb171ab92f0f7516c69c8471 patch

Frequently Asked Questions

What is the severity of CVE-2024-50131?
CVE-2024-50131 has been scored as a high severity vulnerability.
How to fix CVE-2024-50131?
To fix CVE-2024-50131, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-50131 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-50131 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-50131?
CVE-2024-50131 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.