2024-08-17 09:21:55
Linux
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved:

bna: adjust name buf size of bna_tcb and bna_ccb structures

To have enough space to write all possible sprintf() args. Currently name size is 16, but the first %s specifier may already need at least 16 characters, since bnad->netdev->name is used there.

For %d specifiers, assume that they require:
* 1 char for tx_id + tx_info->tcb[i]->id sum, BNAD_MAX_TXQ_PER_TX is 8
* 2 chars for rx_id + rx_info->rx_ctrl[i].ccb->id, BNAD_MAX_RXP_PER_RX is 16

And replace sprintf with snprintf.

Detected using the static analysis tool - Svace.
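
The sizing problem described above, as an added C example that is not the kernel's code: it measures how many bytes a queue name needs and shows snprintf() truncating rather than writing past a 16-byte buffer. The "%s %s %d" layout, the TXQ/RXQ tags, the helper names, the 24-byte buffer and the interface name are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define OLD_NAME_SIZE 16  /* name size stated in the advisory */
#define IFNAME_MAX    16  /* assumption: interface name field incl. NUL (Linux IFNAMSIZ) */
#define NEW_NAME_SIZE (IFNAME_MAX + 8)  /* assumption: sized for this sketch's format */

/* Bytes, including the NUL, that "<ifname> <tag> <id>" needs (layout is an assumption). */
static size_t name_bytes_needed(const char *ifname, const char *tag, int id)
{
    int n = snprintf(NULL, 0, "%s %s %d", ifname, tag, id);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded write: returns 0 if the whole name fit, 1 if it was truncated, -1 on error. */
static int format_queue_name(char *buf, size_t buflen,
                             const char *ifname, const char *tag, int id)
{
    int n = snprintf(buf, buflen, "%s %s %d", ifname, tag, id);
    if (n < 0)
        return -1;
    return (size_t)n >= buflen ? 1 : 0;
}

int main(void)
{
    const char *ifname = "enp130s0f0np0x1";  /* constructed 15-character name */
    char old_buf[OLD_NAME_SIZE];
    char new_buf[NEW_NAME_SIZE];

    /* An unbounded sprintf() would need this many bytes in the 16-byte field. */
    printf("needed: %zu bytes, old buffer: %d bytes\n",
           name_bytes_needed(ifname, "TXQ", 7), OLD_NAME_SIZE);

    /* snprintf() stays inside the buffer; the return value reveals the truncation. */
    int t = format_queue_name(old_buf, sizeof(old_buf), ifname, "TXQ", 7);
    printf("old buffer: \"%s\" truncated=%d\n", old_buf, t);

    /* A buffer sized for the longest name plus the widest id holds the full string. */
    t = format_queue_name(new_buf, sizeof(new_buf), ifname, "RXQ", 15);
    printf("new buffer: \"%s\" truncated=%d\n", new_buf, t);
    return 0;
}
```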