NVD Vulnerability Detail

CVE-2024-49995

Summary	In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun Smatch reports that copying media_name and if_name to name_parts may overwrite the destination. .../bearer.c:166 bearer_name_validate() error: strcpy() 'media_name' too large for 'name_parts->media_name' (32 vs 16) .../bearer.c:167 bearer_name_validate() error: strcpy() 'if_name' too large for 'name_parts->if_name' (1010102 vs 16) This does seem to be the case so guard against this possibility by using strscpy() and failing if truncation occurs. Introduced by commit b97bf3fd8f6a ("[TIPC] Initial merge") Compile tested only.
Publication Date	Oct. 22, 2024, 3:15 a.m.
Registration Date	Oct. 22, 2024, 12:02 p.m.
Last Update	Nov. 9, 2024, 1:15 a.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	https://git.kernel.org/stable/c/e2b2558971e02ca33eb637a8350d68a48b3e8e46	Patch
2	https://git.kernel.org/stable/c/54dae0e9063ed23c9acf8d5ab9b18d3426a8ac18	Patch
3	https://git.kernel.org/stable/c/80c0be7bcf940ce9308311575c3aff8983c9b97a	Patch
4	https://git.kernel.org/stable/c/12d26aa7fd3cbdbc5149b6e516563478d575026e	Patch
5	https://git.kernel.org/stable/c/2ed7f42dfd3edb387034128ca5b0f639836d4ddd	Patch
6	https://git.kernel.org/stable/c/a18c7b239d02aafb791ae2c45226f6bb40641792	Patch
7	https://git.kernel.org/stable/c/6555a2a9212be6983d2319d65276484f7c5f431a	Patch
8	https://git.kernel.org/stable/c/8298b6e45fb4d8944f356b08e4ea3e54df5e0488
9	https://git.kernel.org/stable/c/c79768ffba5b6e95569a463a69b3101c95694867

Common Vulnerabilities List

JVN Vulnerability Information

Linux の Linux Kernel における脆弱性

Title	Linux の Linux Kernel における脆弱性
Summary	Linux の Linux Kernel には、不特定の脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 2, 2024, midnight
Registration Date	Oct. 29, 2024, 1:11 p.m.
Last Update	Aug. 20, 2025, 6:24 p.m.

Affected System

Linux

Linux Kernel 5.10.227 未満

Linux Kernel 5.11 以上 5.15.168 未満

Linux Kernel 5.16 以上 6.1.113 未満

Linux Kernel 6.11 以上 6.11.3 未満

Linux Kernel 6.2 以上 6.6.55 未満

Linux Kernel 6.7 以上 6.10.14 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-49995	https://www.cve.org/CVERecord?id=CVE-2024-49995
National Vulnerability Database (NVD)
2	CVE-2024-49995	https://nvd.nist.gov/vuln/detail/CVE-2024-49995

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/scap/cwe.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	tipc: guard against string buffer overrun (12d26aa)	https://git.kernel.org/stable/c/12d26aa7fd3cbdbc5149b6e516563478d575026e
2	tipc: guard against string buffer overrun (2ed7f42)	https://git.kernel.org/stable/c/2ed7f42dfd3edb387034128ca5b0f639836d4ddd
3	tipc: guard against string buffer overrun (54dae0e)	https://git.kernel.org/stable/c/54dae0e9063ed23c9acf8d5ab9b18d3426a8ac18
4	tipc: guard against string buffer overrun (6555a2a)	https://git.kernel.org/stable/c/6555a2a9212be6983d2319d65276484f7c5f431a
5	tipc: guard against string buffer overrun (80c0be7)	https://git.kernel.org/stable/c/80c0be7bcf940ce9308311575c3aff8983c9b97a
6	tipc: guard against string buffer overrun (a18c7b2)	https://git.kernel.org/stable/c/a18c7b239d02aafb791ae2c45226f6bb40641792
7	tipc: guard against string buffer overrun (e2b2558)	https://git.kernel.org/stable/c/e2b2558971e02ca33eb637a8350d68a48b3e8e46
Linux Kernel
8	Linux Kernel Archives	https://www.kernel.org

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-25-226-07	https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07
JVN
2	JVNVU#92169998	https://jvn.jp/vu/JVNVU92169998/index.html

Change Log

No	Changed Details	Date of change
1	[2024年10月29日] 掲載	Oct. 29, 2024, 1:11 p.m.
2	[2025年08月20日] 参考情報：JVN (JVNVU#92169998) を追加参考情報：ICS-CERT ADVISORY (ICSA-25-226-07) を追加	Aug. 20, 2025, 6:24 p.m.