{"id":"CVE-2024-26736","summary":"afs: Increase buffer size in afs_update_volume_status()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Increase buffer size in afs_update_volume_status()\n\nThe max length of volume-\u003evid value is 20 characters.\nSo increase idbuf[] size up to 24 to avoid overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[DH: Actually, it's 20 + NUL, so increase it to 24 and use snprintf()]","modified":"2026-04-02T10:05:49.156897Z","published":"2024-04-03T17:00:22.693Z","related":["SUSE-SU-2024:1490-1","SUSE-SU-2024:1659-1","SUSE-SU-2024:1663-1","SUSE-SU-2024:2135-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26736.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6e6065dd25b661420fac19c34282b6c626fcd35e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d34a5e57632bb5ff825196ddd9a48ca403626dfa"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d9b5e2b7a8196850383c70d099bfd39e81ab6637"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e56662160fc24d28cb75ac095cc6415ae1bda43e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e8530b170e464017203e3b8c6c49af6e916aece1"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26736.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26736"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d2ddc776a4581d900fc3bdc7803b403daae64d88"},{"fixed":"5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5"},{"fixed":"d9b5e2b7a8196850383c70d099bfd39e81ab6637"},{"fixed":"e56662160fc24d28cb75ac095cc6415ae1bda43e"},{"fixed":"e8530b170e464017203e3b8c6c49af6e916aece1"},{"fixed":"6e6065dd25b661420fac19c34282b6c626fcd35e"},{"fixed":"d34a5e57632bb5ff825196ddd9a48ca403626dfa"},{"fixed":"6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26736.json"}}],"schema_version":"1.7.5"}