VYPR
Unrated severityNVD Advisory· Published Jun 19, 2024· Updated May 4, 2025

rcu: Fix buffer overflow in print_cpu_stall_info()

CVE-2024-38576

Description

In the Linux kernel, the following vulnerability has been resolved:

rcu: Fix buffer overflow in print_cpu_stall_info()

The rcuc-starvation output from print_cpu_stall_info() might overflow the buffer if there is a huge difference in jiffies difference. The situation might seem improbable, but computers sometimes get very confused about time, which can result in full-sized integers, and, in this case, buffer overflow.

Also, the unsigned jiffies difference is printed using %ld, which is normally for signed integers. This is intentional for debugging purposes, but it is not obvious from the code.

This commit therefore changes sprintf() to snprintf() and adds a clarifying comment about intention of %ld format.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

63

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.