{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-38579","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-06-18T19:36:34.926Z","datePublished":"2024-06-19T13:37:37.154Z","dateUpdated":"2025-11-04T17:21:33.961Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:14:32.487Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: bcm - Fix pointer arithmetic\n\nIn spu2_dump_omd() value of ptr is increased by ciph_key_len\ninstead of hash_iv_len which could lead to going beyond the\nbuffer boundaries.\nFix this bug by changing ciph_key_len to hash_iv_len.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/crypto/bcm/spu2.c"],"versions":[{"version":"9d12ba86f818aa9cfe9f01b750336aa441f2ffa2","lessThan":"c256b616067bfd6d274c679c06986b78d2402434","status":"affected","versionType":"git"},{"version":"9d12ba86f818aa9cfe9f01b750336aa441f2ffa2","lessThan":"e719c8991c161977a67197775067ab456b518c7b","status":"affected","versionType":"git"},{"version":"9d12ba86f818aa9cfe9f01b750336aa441f2ffa2","lessThan":"ebed0d666fa709bae9e8cafa8ec6e7ebd1d318c6","status":"affected","versionType":"git"},{"version":"9d12ba86f818aa9cfe9f01b750336aa441f2ffa2","lessThan":"c69a1e4b419c2c466dd8c5602bdebadc353973dd","status":"affected","versionType":"git"},{"version":"9d12ba86f818aa9cfe9f01b750336aa441f2ffa2","lessThan":"49833a8da6407e7e9b532cc4054fdbcaf78f5fdd","status":"affected","versionType":"git"},{"version":"9d12ba86f818aa9cfe9f01b750336aa441f2ffa2","lessThan":"d0f14ae223c2421b334c1f1a9e48f1e809aee3a0","status":"affected","versionType":"git"},{"version":"9d12ba86f818aa9cfe9f01b750336aa441f2ffa2","lessThan":"c0082ee420639a97e40cae66778b02b341b005e5","status":"affected","versionType":"git"},{"version":"9d12ba86f818aa9cfe9f01b750336aa441f2ffa2","lessThan":"3b7a40740f04e2f27114dfd6225c5e721dda9d57","status":"affected","versionType":"git"},{"version":"9d12ba86f818aa9cfe9f01b750336aa441f2ffa2","lessThan":"2b3460cbf454c6b03d7429e9ffc4fe09322eb1a9","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/crypto/bcm/spu2.c"],"versions":[{"version":"4.11","status":"affected"},{"version":"0","lessThan":"4.11","status":"unaffected","versionType":"semver"},{"version":"4.19.316","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.278","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.219","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.161","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.93","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.33","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.8.12","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9.3","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"4.19.316"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.4.278"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.10.219"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.15.161"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"6.1.93"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"6.6.33"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"6.8.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"6.9.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"6.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c256b616067bfd6d274c679c06986b78d2402434"},{"url":"https://git.kernel.org/stable/c/e719c8991c161977a67197775067ab456b518c7b"},{"url":"https://git.kernel.org/stable/c/ebed0d666fa709bae9e8cafa8ec6e7ebd1d318c6"},{"url":"https://git.kernel.org/stable/c/c69a1e4b419c2c466dd8c5602bdebadc353973dd"},{"url":"https://git.kernel.org/stable/c/49833a8da6407e7e9b532cc4054fdbcaf78f5fdd"},{"url":"https://git.kernel.org/stable/c/d0f14ae223c2421b334c1f1a9e48f1e809aee3a0"},{"url":"https://git.kernel.org/stable/c/c0082ee420639a97e40cae66778b02b341b005e5"},{"url":"https://git.kernel.org/stable/c/3b7a40740f04e2f27114dfd6225c5e721dda9d57"},{"url":"https://git.kernel.org/stable/c/2b3460cbf454c6b03d7429e9ffc4fe09322eb1a9"}],"title":"crypto: bcm - Fix pointer arithmetic","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/c256b616067bfd6d274c679c06986b78d2402434","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e719c8991c161977a67197775067ab456b518c7b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ebed0d666fa709bae9e8cafa8ec6e7ebd1d318c6","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/c69a1e4b419c2c466dd8c5602bdebadc353973dd","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/49833a8da6407e7e9b532cc4054fdbcaf78f5fdd","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/d0f14ae223c2421b334c1f1a9e48f1e809aee3a0","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/c0082ee420639a97e40cae66778b02b341b005e5","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/3b7a40740f04e2f27114dfd6225c5e721dda9d57","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/2b3460cbf454c6b03d7429e9ffc4fe09322eb1a9","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T17:21:33.961Z"}},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-38579","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T17:14:03.011266Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:34:55.557Z"}}]},"dataVersion":"5.2"}