CVE-2024-58010

binfmt_flat: Fix integer overflow bug on 32 bit systems

Description

In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix integer overflow bug on 32 bit systems Most of these sizes and counts are capped at 256MB so the math doesn't result in an integer overflow. The "relocs" count needs to be checked as well. Otherwise on 32bit systems the calculation of "full_data" could be wrong. full_data = data_len + relocs * sizeof(unsigned long);

References

Link	Tags
https://git.kernel.org/stable/c/0b6be54d7386b7addbf9e5947366f94aad046938
https://git.kernel.org/stable/c/6fb98e0576ea155267e206286413dcb3a3d55c12
https://git.kernel.org/stable/c/bc8ca18b8ef4648532c001bd6c8151143b569275
https://git.kernel.org/stable/c/95506c7f33452450346fbe2975c1359100f854ca	patch
https://git.kernel.org/stable/c/d17ca8f2dfcf423c439859995910a20e38b86f00	patch
https://git.kernel.org/stable/c/a009378af674b808efcca1e2e67916e79ce866b3	patch
https://git.kernel.org/stable/c/8e8cd712bb06a507b26efd2a56155076aa454345	patch
https://git.kernel.org/stable/c/55cf2f4b945f6a6416cc2524ba740b83cc9af25a	patch

Frequently Asked Questions

What is the severity of CVE-2024-58010?: CVE-2024-58010 has been scored as a medium severity vulnerability.
How to fix CVE-2024-58010?: To fix CVE-2024-58010, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-58010 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-58010 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-58010?: CVE-2024-58010 affects Linux Linux, Linux Linux.

Description

Category

CWE-190 – Integer Overflow or Wraparound

References

Frequently Asked Questions