{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-42236","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-07-30T07:40:12.252Z","datePublished":"2024-08-07T15:14:25.642Z","dateUpdated":"2026-01-05T10:52:05.655Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-01-05T10:52:05.655Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: configfs: Prevent OOB read/write in usb_string_copy()\n\nUserspace provided string 's' could trivially have the length zero. Left\nunchecked this will firstly result in an OOB read in the form\n`if (str[0 - 1] == '\\n') followed closely by an OOB write in the form\n`str[0 - 1] = '\\0'`.\n\nThere is already a validating check to catch strings that are too long.\nLet's supply an additional check for invalid strings that are too short."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/gadget/configfs.c"],"versions":[{"version":"88af8bbe4ef781031ad3370847553f3b42ba0076","lessThan":"a444c3fc264119801575ab086e03fb4952f23fd0","status":"affected","versionType":"git"},{"version":"88af8bbe4ef781031ad3370847553f3b42ba0076","lessThan":"c95fbdde87e39e5e0ae27f28bf6711edfb985caa","status":"affected","versionType":"git"},{"version":"88af8bbe4ef781031ad3370847553f3b42ba0076","lessThan":"e8474a10c535e6a2024c3b06e37e4a3a23beb490","status":"affected","versionType":"git"},{"version":"88af8bbe4ef781031ad3370847553f3b42ba0076","lessThan":"72b8ee0d9826e8ed00e0bdfce3e46b98419b37ce","status":"affected","versionType":"git"},{"version":"88af8bbe4ef781031ad3370847553f3b42ba0076","lessThan":"2d16f63d8030903e5031853e79d731ee5d474e70","status":"affected","versionType":"git"},{"version":"88af8bbe4ef781031ad3370847553f3b42ba0076","lessThan":"d1205033e912f9332c1dbefa812e6ceb0575ce0a","status":"affected","versionType":"git"},{"version":"88af8bbe4ef781031ad3370847553f3b42ba0076","lessThan":"eecfefad0953b2f31aaefa058f7f348ff39c4bba","status":"affected","versionType":"git"},{"version":"88af8bbe4ef781031ad3370847553f3b42ba0076","lessThan":"6d3c721e686ea6c59e18289b400cc95c76e927e0","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/gadget/configfs.c"],"versions":[{"version":"3.10","status":"affected"},{"version":"0","lessThan":"3.10","status":"unaffected","versionType":"semver"},{"version":"4.19.318","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.280","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.222","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.163","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.100","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.41","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.9.10","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"4.19.318"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"5.4.280"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"5.10.222"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"5.15.163"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"6.1.100"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"6.6.41"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"6.9.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10","versionEndExcluding":"6.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a444c3fc264119801575ab086e03fb4952f23fd0"},{"url":"https://git.kernel.org/stable/c/c95fbdde87e39e5e0ae27f28bf6711edfb985caa"},{"url":"https://git.kernel.org/stable/c/e8474a10c535e6a2024c3b06e37e4a3a23beb490"},{"url":"https://git.kernel.org/stable/c/72b8ee0d9826e8ed00e0bdfce3e46b98419b37ce"},{"url":"https://git.kernel.org/stable/c/2d16f63d8030903e5031853e79d731ee5d474e70"},{"url":"https://git.kernel.org/stable/c/d1205033e912f9332c1dbefa812e6ceb0575ce0a"},{"url":"https://git.kernel.org/stable/c/eecfefad0953b2f31aaefa058f7f348ff39c4bba"},{"url":"https://git.kernel.org/stable/c/6d3c721e686ea6c59e18289b400cc95c76e927e0"}],"title":"usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-42236","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T16:14:04.317460Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:34:32.140Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T22:02:37.767Z"}}]}}