=== chris14_ is now known as chris14
RonDesmond | Hello, I noticed the Ubuntu OVAL feed seems to have some discrepancies with the security page for CVE-2024-26597 | 21:49 |
-ubottu:#ubuntu-security- In the Linux kernel, the following vulnerability has been resolved: net: qualcomm: rmnet: fix global oob in rmnet_policy The variable rmnet_link_ops assign a *bigger* maxtype which leads to a global out-of-bounds read when parsing the netlink attributes. See bug trace below: ================================================================== BUG: KASAN: global-out-o... <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26597> | 21:50 | |
RonDesmond | The OVAL feed reports the following: | 21:51 |
RonDesmond | <definition class="vulnerability" id="oval:com.ubuntu.jammy:def:2024265970000000" version="1"> <metadata> <title>CVE-2024-26597 on Ubuntu 22.04 LTS (jammy) - high</title> <description>In the Linux kernel, the following vulnerability has been resolved: net:qualcomm: rmnet...</description> <affected family="unix"> <platform>Ubuntu 22.04 LTS</ | 21:51 |
-ubottu:#ubuntu-security- In the Linux kernel, the following vulnerability has been resolved: net: qualcomm: rmnet: fix global oob in rmnet_policy The variable rmnet_link_ops assign a *bigger* maxtype which leads to a global out-of-bounds read when parsing the netlink attributes. See bug trace below: ================================================================== BUG: KASAN: global-out-o... <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26597> | 21:51 | |
RonDesmond | While the CVE page reports that linux-gcp-6.5 has a fixed version (https://ubuntu.com/security/CVE-2024-26597): 6.5.0-1016.16~22.04.1 | 21:51 |
RonDesmond | Apologies for the formatting of the OVAL XML: you can verify this by looking at the OVAL Jammy files at https://security-metadata.canonical.com/oval/ | 21:52 |
=== JanC_ is now known as JanC