{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-39487","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-06-25T14:23:23.747Z","datePublished":"2024-07-09T09:52:07.664Z","dateUpdated":"2025-11-03T21:56:09.674Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:16:50.329Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()\n\nIn function bond_option_arp_ip_targets_set(), if newval->string is an\nempty string, newval->string+1 will point to the byte after the\nstring, causing an out-of-bound read.\n\nBUG: KASAN: slab-out-of-bounds in strlen+0x7d/0xa0 lib/string.c:418\nRead of size 1 at addr ffff8881119c4781 by task syz-executor665/8107\nCPU: 1 PID: 8107 Comm: syz-executor665 Not tainted 6.7.0-rc7 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:364 [inline]\n print_report+0xc1/0x5e0 mm/kasan/report.c:475\n kasan_report+0xbe/0xf0 mm/kasan/report.c:588\n strlen+0x7d/0xa0 lib/string.c:418\n __fortify_strlen include/linux/fortify-string.h:210 [inline]\n in4_pton+0xa3/0x3f0 net/core/utils.c:130\n bond_option_arp_ip_targets_set+0xc2/0x910\ndrivers/net/bonding/bond_options.c:1201\n __bond_opt_set+0x2a4/0x1030 drivers/net/bonding/bond_options.c:767\n __bond_opt_set_notify+0x48/0x150 drivers/net/bonding/bond_options.c:792\n bond_opt_tryset_rtnl+0xda/0x160 drivers/net/bonding/bond_options.c:817\n bonding_sysfs_store_option+0xa1/0x120 drivers/net/bonding/bond_sysfs.c:156\n dev_attr_store+0x54/0x80 drivers/base/core.c:2366\n sysfs_kf_write+0x114/0x170 fs/sysfs/file.c:136\n kernfs_fop_write_iter+0x337/0x500 fs/kernfs/file.c:334\n call_write_iter include/linux/fs.h:2020 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x96a/0xd80 fs/read_write.c:584\n ksys_write+0x122/0x250 fs/read_write.c:637\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n---[ end trace ]---\n\nFix it by adding a check of string length before using it."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/bonding/bond_options.c"],"versions":[{"version":"f9de11a165943a55e0fbda714caf60eaeb276a42","lessThan":"6a8a4fd082c439e19fede027e80c79bc4c84bb8e","status":"affected","versionType":"git"},{"version":"f9de11a165943a55e0fbda714caf60eaeb276a42","lessThan":"6b21346b399fd1336fe59233a17eb5ce73041ee1","status":"affected","versionType":"git"},{"version":"f9de11a165943a55e0fbda714caf60eaeb276a42","lessThan":"707c85ba3527ad6aa25552033576b0f1ff835d7b","status":"affected","versionType":"git"},{"version":"f9de11a165943a55e0fbda714caf60eaeb276a42","lessThan":"bfd14e5915c2669f292a31d028e75dcd82f1e7e9","status":"affected","versionType":"git"},{"version":"f9de11a165943a55e0fbda714caf60eaeb276a42","lessThan":"c8eb8ab9a44ff0e73492d0a12a643c449f641a9f","status":"affected","versionType":"git"},{"version":"f9de11a165943a55e0fbda714caf60eaeb276a42","lessThan":"b75e33eae8667084bd4a63e67657c6a5a0f8d1e8","status":"affected","versionType":"git"},{"version":"f9de11a165943a55e0fbda714caf60eaeb276a42","lessThan":"9f835e48bd4c75fdf6a9cff3f0b806a7abde78da","status":"affected","versionType":"git"},{"version":"f9de11a165943a55e0fbda714caf60eaeb276a42","lessThan":"e271ff53807e8f2c628758290f0e499dbe51cb3d","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/bonding/bond_options.c"],"versions":[{"version":"3.13","status":"affected"},{"version":"0","lessThan":"3.13","status":"unaffected","versionType":"semver"},{"version":"4.19.318","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.280","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.222","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.163","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.98","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.39","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.9.9","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"4.19.318"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"5.4.280"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"5.10.222"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"5.15.163"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"6.1.98"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"6.6.39"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"6.9.9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"6.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/6a8a4fd082c439e19fede027e80c79bc4c84bb8e"},{"url":"https://git.kernel.org/stable/c/6b21346b399fd1336fe59233a17eb5ce73041ee1"},{"url":"https://git.kernel.org/stable/c/707c85ba3527ad6aa25552033576b0f1ff835d7b"},{"url":"https://git.kernel.org/stable/c/bfd14e5915c2669f292a31d028e75dcd82f1e7e9"},{"url":"https://git.kernel.org/stable/c/c8eb8ab9a44ff0e73492d0a12a643c449f641a9f"},{"url":"https://git.kernel.org/stable/c/b75e33eae8667084bd4a63e67657c6a5a0f8d1e8"},{"url":"https://git.kernel.org/stable/c/9f835e48bd4c75fdf6a9cff3f0b806a7abde78da"},{"url":"https://git.kernel.org/stable/c/e271ff53807e8f2c628758290f0e499dbe51cb3d"}],"title":"bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-23T14:04:37.191643Z","id":"CVE-2024-39487","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-23T14:04:48.902Z"}},{"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/6a8a4fd082c439e19fede027e80c79bc4c84bb8e","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6b21346b399fd1336fe59233a17eb5ce73041ee1","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/707c85ba3527ad6aa25552033576b0f1ff835d7b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/bfd14e5915c2669f292a31d028e75dcd82f1e7e9","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/c8eb8ab9a44ff0e73492d0a12a643c449f641a9f","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/b75e33eae8667084bd4a63e67657c6a5a0f8d1e8","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/9f835e48bd4c75fdf6a9cff3f0b806a7abde78da","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e271ff53807e8f2c628758290f0e499dbe51cb3d","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:56:09.674Z"}}]}}